+++ /dev/null
-diff -ruN proftpd-1.2.10-old/src/main.c proftpd-1.2.10/src/main.c
---- proftpd-1.2.10-old/src/main.c 2006-11-20 14:06:17.000000000 +0100
-+++ proftpd-1.2.10/src/main.c 2006-11-20 14:07:03.000000000 +0100
-@@ -118,6 +118,8 @@
-
- static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
-
-+#define PR_DEFAULT_CMD_BUFSZ 512
-+
- static char **Argv = NULL;
- static char *LastArgv = NULL;
- static const char *PidPath = PID_FILE_PATH;
-@@ -810,16 +812,25 @@
- reset_timer(TIMER_IDLE, NULL);
-
- if (cmd_buf_size == -1) {
-- long *buf_size = get_param_ptr(main_server->conf,
-- "CommandBufferSize", FALSE);
--
-- if (buf_size == NULL || *buf_size <= 0)
-- cmd_buf_size = 512;
-+ int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
-+ if (bufsz == NULL) {
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+
-+ } else if (*bufsz <= 0) {
-+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
-+ "given, using default buffer size (%u) instead",
-+ *bufsz, PR_DEFAULT_CMD_BUFSZ);
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-+
-+ } else if (*bufsz + 1 > sizeof(buf)) {
-+ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
-+ "given, using default buffer size (%u) instead",
-+ *bufsz, PR_DEFAULT_CMD_BUFSZ);
-+ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
-
-- else if (*buf_size + 1 > sizeof(buf)) {
-- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
-- "Resetting to 512.");
-- cmd_buf_size = 512;
-+ } else {
-+ pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-+ cmd_buf_size = (long) *bufsz;
- }
- }
-
+++ /dev/null
-Index: src/ctrls.c
-===================================================================
-RCS file: /cvsroot/proftp/proftpd/src/ctrls.c,v
-retrieving revision 1.14
-diff -u -r1.14 ctrls.c
---- src/ctrls.c 24 Oct 2006 16:13:31 -0000 1.14
-+++ src/ctrls.c 8 Dec 2006 17:02:34 -0000
-@@ -534,11 +534,20 @@
- return -1;
- }
-
-+ if (reqarglen >= sizeof(reqaction)) {
-+ pr_signals_unblock();
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ memset(reqaction, '\0', sizeof(reqaction));
-+
- if (read(cl->cl_fd, reqaction, reqarglen) < 0) {
- pr_signals_unblock();
- return -1;
- }
-
-+ reqaction[sizeof(reqaction)-1] = '\0';
- nreqargs--;
-
- /* Find a matching action object, and use it to populate a ctrl object,
-@@ -657,17 +666,16 @@
- return -1;
- }
-
-- memset(response, '\0', sizeof(response));
--
- /* Make sure resparglen is not too big */
-- if (resparglen > sizeof(response)) {
-+ if (resparglen >= sizeof(response)) {
- pr_signals_unblock();
- errno = ENOMEM;
- return -1;
- }
-
-- bread = read(ctrls_sockfd, response, resparglen);
-+ memset(response, '\0', sizeof(response));
-
-+ bread = read(ctrls_sockfd, response, resparglen);
- while (bread != resparglen) {
- if (bread < 0) {
- pr_signals_unblock();