From 3c8c6f7bcbc23a66c5122166ef847d79dd0c7c8f Mon Sep 17 00:00:00 2001
From: adrianp
Date: Sat, 18 Nov 2006 14:32:58 +0000
Subject: Add patch-ac for CVE-2006-5815 Patch from ProFTPD CVS: http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&view=patch&sortby=date
---
 net/proftpd/Makefile | 4 ++--
 net/proftpd/distinfo | 3 ++-
 net/proftpd/patches/patch-ac | 47 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 net/proftpd/patches/patch-ac
(limited to 'net')
diff --git a/net/proftpd/Makefile b/net/proftpd/Makefile
index 7a435aa58d6..097797d36f6 100644
--- a/net/proftpd/Makefile
+++ b/net/proftpd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2006/05/01 21:17:06 minskim Exp $
+# $NetBSD: Makefile,v 1.36 2006/11/18 14:32:58 adrianp Exp $
 
 DISTNAME= proftpd-1.3.0
-#PKGREVISION= 1
+PKGREVISION= 1
 CATEGORIES= net
 MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
 ftp://ftp.servus.at/ProFTPD/distrib/source/ \
diff --git a/net/proftpd/distinfo b/net/proftpd/distinfo
index f9199396f28..0b91f5d2e86 100644
--- a/net/proftpd/distinfo
+++ b/net/proftpd/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.18 2006/04/17 05:33:09 martti Exp $
+$NetBSD: distinfo,v 1.19 2006/11/18 14:32:58 adrianp Exp $
 
 SHA1 (proftpd-1.3.0.tar.bz2) = d117134035a3d8d130c5aa44d6b1788683a33410
 RMD160 (proftpd-1.3.0.tar.bz2) = 46cdd29a6c6ce4c3dd8f1a972df0a52b90a6d2ec
 Size (proftpd-1.3.0.tar.bz2) = 1386086 bytes
 SHA1 (patch-aa) = 5ebfe97a0edb8ecee7495fd5d487eff3cf32d1fe
 SHA1 (patch-ab) = 8886177b90089c8a2fa580aceb7a0514fe0ea6a7
+SHA1 (patch-ac) = 25a0b27773e5e025096cf08ad33243aaf143fbb8
diff --git a/net/proftpd/patches/patch-ac b/net/proftpd/patches/patch-ac
new file mode 100644
index 00000000000..9da9504f99d
--- /dev/null
+++ b/net/proftpd/patches/patch-ac
@@ -0,0 +1,47 @@
+$NetBSD: patch-ac,v 1.5 2006/11/18 14:32:58 adrianp Exp $
+
+--- src/main.c.orig 2006-11-18 14:24:35.000000000 +0000
++++ src/main.c
+@@ -116,6 +116,8 @@ static unsigned char have_dead_child = F
+
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+
++#define PR_DEFAULT_CMD_BUFSZ 512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@ static void cmd_loop(server_rec *server,
+ pr_timer_reset(TIMER_IDLE, NULL);
+
+ if (cmd_buf_size == -1) {
+- long *buf_size = get_param_ptr(main_server->conf,
+- "CommandBufferSize", FALSE);
++ int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++ FALSE);
+
+- if (buf_size == NULL || *buf_size <= 0)
+- cmd_buf_size = 512;
++ if (bufsz == NULL ||
++ *bufsz <= 0) {
++ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++ "given, resetting to default buffer size (%u)",
++ *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++ } else if (*bufsz + 1 > sizeof(buf)) {
++ pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++ "given, resetting to default buffer size (%u)",
++ *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++ cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
+
+- else if (*buf_size + 1 > sizeof(buf)) {
+- pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+- "Resetting to 512.");
+- cmd_buf_size = 512;
++ } else {
++ pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++ cmd_buf_size = (long) *bufsz;
+ }
+ }
+
-- cgit v1.2.3
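Review bot: The first branch of the new check in cmd_loop dereferences `bufsz` even when it is NULL: `bufsz == NULL || *bufsz <= 0` enters the block and then passes `*bufsz` to `pr_log_pri`. If get_param_ptr returns NULL for an unset directive (as the NULL test implies), a configuration without CommandBufferSize would fault in the session process instead of quietly taking the default. The unset case should be handled on its own before anything is logged, e.g. `if (bufsz == NULL) { cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; } else if (*bufsz <= 0) {`. The upper-bound test `*bufsz + 1 > sizeof(buf)` also adds to a signed int before an unsigned comparison and overflows for INT_MAX; `(size_t) *bufsz >= sizeof(buf)` checks the same bound without the addition. cmd_loop starts and ends outside the hunk, and neither the declaration of `buf` nor the type the directive handler stores is visible here, so the switch from `long *` to `int *` should be confirmed against that handler.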