path: root/net/cftp/patches/patch-ab
Diffstat (limited to 'net/cftp/patches/patch-ab')
-rw-r--r--net/cftp/patches/patch-ab15
1 files changed, 15 insertions, 0 deletions
diff --git a/net/cftp/patches/patch-ab b/net/cftp/patches/patch-ab
new file mode 100644
index 00000000000..b8d1e7e39b3
--- /dev/null
+++ b/net/cftp/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2008/04/13 12:20:18 dillo Exp $
+
+Fix for local buffer overflow, from cftp mercurial repository (r574).
+
+--- readrc.c Wed Jul 04 18:18:41 2007 +0200
++++ readrc.c Sun Apr 13 14:10:51 2008 +0200
+@@ -57,7 +55,7 @@ readrc(char **userp, char **passp, char
+ char b[8192], *p, *tok, *q, *home;
+ char *user, *pass, *host, *port, *wdir;
+
+- if ((home=getenv("HOME")) == NULL)
++ if ((home=getenv("HOME")) == NULL || strlen(home) > sizeof(b)-9)
+ home = "";
+ sprintf(b, "%s/.cftprc", home);
+
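Review bot: The length guard added to the `getenv("HOME")` test in readrc.c hard-codes `9` (the eight characters of "/.cftprc" plus the terminator), while the `sprintf` two lines below stays unbounded, so the write is only safe as long as the constant and the format string are kept in step by hand. The bound is correct as written, but enforcing it at the write would be more robust: `snprintf(b, sizeof(b), "%s/.cftprc", home)` with the result checked against `sizeof(b)`. An over-long HOME now also silently falls back to `""`, so the file looked up becomes `/.cftprc`, the same as for an unset HOME; a short comment such as `/* HOME unset or too long for b: fall back to /.cftprc */` would make that intent explicit. readrc's body continues outside the hunk, so any later reuse of `b` is not covered by this review.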