From e0b0cadabd6750c0fd8c51657da3f222623d26c8 Mon Sep 17 00:00:00 2001 From: rh Date: Sun, 14 Feb 1999 15:27:50 +0000 Subject: Fix some more buffer overflow vulnerabilities described on bugtraq and http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html, but not covered by the RedHat patch. Remove dependency on deprecated unix define. --- net/wu-ftpd/Makefile | 6 ++-- net/wu-ftpd/patches/patch-al | 69 ++++++++++++++++++++++++++++++++------------ net/wu-ftpd/patches/patch-am | 49 +++++++++++++++++++++++++++++++ net/wu-ftpd/patches/patch-an | 23 +++++++++++++++ 4 files changed, 125 insertions(+), 22 deletions(-) create mode 100644 net/wu-ftpd/patches/patch-am create mode 100644 net/wu-ftpd/patches/patch-an (limited to 'net/wu-ftpd') diff --git a/net/wu-ftpd/Makefile b/net/wu-ftpd/Makefile index 7b32f139770..98bb8298082 100644 --- a/net/wu-ftpd/Makefile +++ b/net/wu-ftpd/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.7 1999/02/13 09:05:02 rh Exp $ -# $FreeBSD Id: Makefile,v 1.16 1997/12/24 17:45:28 ache Exp +# $NetBSD: Makefile,v 1.8 1999/02/14 15:27:50 rh Exp $ +# FreeBSD Id: Makefile,v 1.16 1997/12/24 17:45:28 ache Exp # # REMINDER: to use ftpaccess(5) you need to specify -a in command line, # it is changed from previous versions DISTNAME= wu-ftpd-2.4.2-beta-18 -PKGNAME= wu-ftpd-2.4.2b18 +PKGNAME= wu-ftpd-2.4.2b18.2 CATEGORIES= net # AUSCERT recommendation MASTER_SITES= ftp://ftp.academ.com/pub/wu-ftpd/private/ \ diff --git a/net/wu-ftpd/patches/patch-al b/net/wu-ftpd/patches/patch-al index abd68a2bc38..ac8f7ac9087 100644 --- a/net/wu-ftpd/patches/patch-al +++ b/net/wu-ftpd/patches/patch-al @@ -1,32 +1,63 @@ -$NetBSD: patch-al,v 1.3 1999/02/13 09:05:02 rh Exp $ +$NetBSD: patch-al,v 1.4 1999/02/14 15:27:50 rh Exp $ --- src/realpath.c.orig Mon Jul 6 11:14:39 1998 -+++ src/realpath.c Sat Feb 13 07:47:55 1999 -@@ -143,7 +143,13 @@ ++++ src/realpath.c Sun Feb 14 14:42:03 1999 +@@ -70,7 +70,8 @@ + if (result == NULL) /* result must not be null! */ + return(NULL); + +- if(pathname == NULL){ /* if pathname is null, there is nothing to do */ ++ if(pathname == NULL || /* if pathname is null, there is nothing to do */ ++ strlen (pathname) >= sizeof curpath) { /* pathname too long: bail out */ + *result = '\0'; + return(NULL); + } +@@ -141,9 +142,22 @@ + strcpy(namebuf, workpath); + for (last = namebuf; *last; last++) continue; - if ((last == namebuf) || (*--last != '/')) - strcat(namebuf, "/"); -+ if (strlen(namebuf)+strlen(where) < sizeof(namebuf)) { - strcat(namebuf, where); -+ } else { -+ /* path too long: bail out */ -+ strcpy(result, "\0"); -+ return (NULL); -+ } +- if ((last == namebuf) || (*--last != '/')) +- strcat(namebuf, "/"); +- strcat(namebuf, where); ++ if ((last == namebuf) || (*--last != '/')) { ++ if (strlen (namebuf) + 1 < sizeof (namebuf)) { ++ strcat(namebuf, "/"); ++ } else { ++ /* path too long: bail out */ ++ *result = '\0'; ++ return (NULL); ++ } ++ } ++ if (strlen(namebuf)+strlen(where) < sizeof(namebuf)) { ++ strcat(namebuf, where); ++ } else { ++ /* path too long: bail out */ ++ *result = '\0'; ++ return (NULL); ++ } where = ++ptr; if (lstat(namebuf, &sbuf) == -1) { -@@ -164,7 +170,13 @@ +@@ -153,7 +167,7 @@ + /* was IFLNK */ + #ifdef HAVE_SYMLINK + if ((sbuf.st_mode & S_IFMT) == S_IFLNK) { +- len = readlink(namebuf, linkpath, MAXPATHLEN); ++ len = readlink(namebuf, linkpath, sizeof(linkpath) - 1); + if (len == 0) { + strcpy(result, namebuf); + return (NULL); +@@ -164,7 +178,13 @@ *workpath = '\0'; if (*where) { strcat(linkpath, "/"); -+ if (strlen(linkpath) + strlen(where) < sizeof(linkpath)) { ++ if (strlen(linkpath) + strlen(where) < sizeof(linkpath)) { strcat(linkpath, where); -+ } else { -+ /* path too long: bail out */ -+ strcpy(result, "\0"); -+ return (NULL); -+ } ++ } else { ++ /* path too long: bail out */ ++ *result = '\0'; ++ return (NULL); ++ } } strcpy(curpath, linkpath); goto loop; diff --git a/net/wu-ftpd/patches/patch-am b/net/wu-ftpd/patches/patch-am new file mode 100644 index 00000000000..c14a0079865 --- /dev/null +++ b/net/wu-ftpd/patches/patch-am @@ -0,0 +1,49 @@ +$NetBSD: patch-am,v 1.3 1999/02/14 15:27:51 rh Exp $ + +--- src/extensions.c.orig Mon Jul 6 11:14:17 1998 ++++ src/extensions.c Sun Feb 14 14:53:10 1999 +@@ -990,14 +990,19 @@ + *ap3 = NULL, + *ap4 = NULL, + *ap6 = NULL; +- char cwdir[BUFSIZ]; +- char path[BUFSIZ]; ++ char cwdir[MAXPATHLEN]; ++ char path[MAXPATHLEN]; + char *sp; + extern struct passwd *pw; + + *valid = 0; + /* what's our current directory? */ + ++ if (strlen (name) >= sizeof path) { /* path too long? --> bail out */ ++ perror_reply(550, "Could not determine cwdir"); ++ return(-1); ++ } ++ + strcpy(path, name); + if (sp = strrchr(path, '/')) *sp = '\0'; + else strcpy(path, "."); +@@ -1046,8 +1051,8 @@ + #endif + { + int match_value = -1; +- char cwdir[BUFSIZ]; +- char path[BUFSIZ]; ++ char cwdir[MAXPATHLEN]; ++ char path[MAXPATHLEN]; + char *sp; + int i; + +@@ -1063,6 +1068,11 @@ + *valid = 0; + + /* what's our current directory? */ ++ ++ if (strlen (name) >= sizeof path) { /* path too long? --> bail out */ ++ perror_reply(550, "Could not determine cwdir"); ++ return(-1); ++ } + + strcpy(path, name); + if (sp = strrchr(path, '/')) *sp = '\0'; diff --git a/net/wu-ftpd/patches/patch-an b/net/wu-ftpd/patches/patch-an new file mode 100644 index 00000000000..7457ef18d23 --- /dev/null +++ b/net/wu-ftpd/patches/patch-an @@ -0,0 +1,23 @@ +$NetBSD: patch-an,v 1.1 1999/02/14 15:27:51 rh Exp $ + +--- src/ftpcmd.y.orig Mon Jul 6 11:14:19 1998 ++++ src/ftpcmd.y Sun Feb 14 16:00:55 1999 +@@ -641,16 +641,16 @@ + | SYST CRLF + = { + if (log_commands) syslog(LOG_INFO, "SYST"); +-#ifdef unix + #ifdef BSD + reply(215, "UNIX Type: L%d Version: BSD-%d", + NBBY, BSD); + #else /* BSD */ ++#ifdef unix + reply(215, "UNIX Type: L%d", NBBY); +-#endif /* BSD */ + #else /* unix */ + reply(215, "UNKNOWN Type: L%d", NBBY); + #endif /* unix */ ++#endif /* BSD */ + } + + /* -- cgit v1.2.3