- Kalle Olavi Niemitalo discovered two boundary errors in fsplib code

included in gFTP when processing overly long directory or file names. - Bump PORTREVISION Reviewed by: simon Approved by: portmgr (erwin) Obtained from: gentoo cvs Security: http://www.vuxml.org/freebsd/f8b0f83c-8bb3-11dc-bffa-0016179b2dd5.html
svn path=/head/; revision=202530
2007-11-05 21:54:46 +00:00 · 2007-11-05 21:54:46 +00:00 · dff5dcf957 · 2021-03-31 03:12:20 +00:00
commit dff5dcf957
parent e64b45d48e
3 changed files with 72 additions and 1 deletions
--- a/ftp/gftp/Makefile
+++ b/ftp/gftp/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	gftp
 PORTVERSION=	2.0.18
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	ftp
 MASTER_SITES=	http://gftp.seul.org/ \
 		ftp://gftp.seul.org/pub/gftp/
--- a/ftp/gftp/files/patch-lib-fsplib_fsplib.c
+++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.c
@ -0,0 +1,47 @@
+--- lib/fsplib/fsplib.c.orig	2005-01-19 03:03:45.000000000 +0100
+++ lib/fsplib/fsplib.c	2007-11-05 16:37:32.000000000 +0100
+@@ -612,7 +612,7 @@
+     entry->d_reclen = fentry.reclen;
+     strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+ 
+-    if (fentry.namlen > MAXNAMLEN)
+    if (fentry.namlen >= MAXNAMLEN)
+     {
+ 	entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +680,19 @@
+        /* skip file date and file size */
+        dir->dirpos += 9;
+        /* read file name */
+-       entry->name[255 + 1] = '\0';
+       entry->name[255] = '\0';
+        strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
+       /* check for ASCIIZ encoded filename */
+       if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
+       {
+        namelen = strlen( (char *) dir->data+dir->dirpos);
+       }
+       else
+       {
+            /* \0 terminator not found at end of filename */
+            *result = NULL;
+            return 0;
+       }
+        /* skip over file name */
+        dir->dirpos += namelen +1;
+ 
+@@ -709,12 +719,12 @@
+ 
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+-    static struct dirent entry;
+    static dirent_workaround entry;
+     struct dirent *result;
+     
+     
+     if (dirp == NULL) return NULL;
+-    if ( fsp_readdir_r(dirp,&entry,&result) )
+    if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+         return NULL;
+     else
+         return result;
--- a/ftp/gftp/files/patch-lib-fsplib_fsplib.h
+++ b/ftp/gftp/files/patch-lib-fsplib_fsplib.h
@ -0,0 +1,24 @@
+--- lib/fsplib/fsplib.h.orig	2005-01-19 03:04:02.000000000 +0100
+++ lib/fsplib/fsplib.h	2007-11-05 16:37:32.000000000 +0100
+@@ -1,6 +1,8 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
+#include <stddef.h>
+
+ /* The FSP v2 protocol support library - public interface */
+ 
+ /*
+@@ -138,6 +140,12 @@
+ 		      unsigned int pos;          /* position of next packet */
+ } FSP_FILE;
+ 
+
+typedef union dirent_workaround {
+      struct dirent dirent;
+      char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
+} dirent_workaround;
+ 
+ /* function prototypes */
+ 
+ /* session management */