freebsd-ports/ftp/wu-ftpd+ipv6/files/patch-aa
Will Andrews a04ccb23d8 Update to 2.6.1, which fixes some security issues (actually, we already
had some setproctitle(), etc. fixed through patch-aa), fixes memory leaks
in internal ls, and merges in the virtual passwd/shadow features of
BeroFTPD.  This update should solve SA 00:29.  Add WWW to DESCR.
2000-07-09 02:07:07 +00:00

48 lines
1.3 KiB
Text

--- src/ftpd.c Sat Jul 1 14:17:39 2000
+++ src/ftpd.c.new Sat Jul 8 21:48:05 2000
@@ -1662,9 +1662,9 @@
/* Display s/key challenge where appropriate. */
if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
- sprintf(buf, "Password required for %s.", name);
+ snprintf(buf, 128, "Password required for %s.", name);
else
- sprintf(buf, "%s %s for %s.", sbuf,
+ snprintf(buf, 128, "%s %s for %s.", sbuf,
pwok ? "allowed" : "required", name);
return (buf);
}
@@ -2572,7 +2572,7 @@
#ifdef BSD_AUTH
if (ext_auth) {
if ((salt = check_auth(the_user, passwd))) {
- reply(530, salt);
+ reply(530, "%s", salt);
#ifdef LOG_FAILED /* 27-Apr-93 EHK/BM */
syslog(LOG_INFO, "failed login from %s",
remoteident);
@@ -6435,7 +6435,7 @@
dirlist = ftpglob(whichfiles);
sdirlist = dirlist; /* save to free later */
if (globerr != NULL) {
- reply(550, globerr);
+ reply(550, "%s", globerr);
goto globfree;
}
else if (dirlist == NULL) {
@@ -6486,7 +6486,6 @@
}
goto globfree;
}
- if ((st.st_mode & S_IFMT) != S_IFDIR) {
if (dout == NULL) {
dout = dataconn("file list", (off_t) - 1, "w");
if (dout == NULL)
@@ -6509,7 +6508,6 @@
byte_count_out++;
}
#endif
- }
}
if (dout != NULL) {