Bugtraq mailing list archives

Re: ProFTPD

From: dumped () SEKURE ORG (dumped)
Date: Sun, 29 Aug 1999 11:27:48 -0300


Here goes the fix.

dumped
Sekure SDI

On Fri, 27 Aug 1999 acidrain () HACKBOX COM wrote:


--- proftpd-1.2.0pre2.orig/modules/mod_xfer.c   Sun Aug 29 11:17:42 1999
+++ proftpd-1.2.0pre2/modules/mod_xfer.c        Sun Aug 29 11:22:24 1999
@@ -28,6 +28,11 @@
  *   _translate_ascii was returning a buffer larger than the max buffer
  *   size causing memory overrun and all sorts of neat corruption.
  *   Status: Stomped
+ * 
+ * 8/29/99 1.2.0pre2
+ * 
+ * Fixed 2 exploitable buffer overflows
+ *                     dumped () sekure org
  *
  */
 
@@ -181,7 +186,7 @@
 
   /* otherwise everthing is good */
   p = mod_privdata_alloc(cmd,"stor_filename",strlen(dir)+1);
-  strcpy(p->value.str_val,dir);
+  strncpy(p->value.str_val, dir, strlen(p->value.str_val));
 
   return HANDLED(cmd);
 }
@@ -374,7 +379,7 @@
 
   /* otherwise everthing is good */
   p = mod_privdata_alloc(cmd,"retr_filename",strlen(dir)+1);
-  strcpy(p->value.str_val,dir);
+  strncpy(p->value.str_val,dir, sizeof(p->value.str_val));
   return HANDLED(cmd);
 }

Current thread:

ProFTPD acidrain () HACKBOX COM (Aug 27)
- Re: ProFTPD Krzysztof Anton (Aug 29)
- Re: ProFTPD dumped (Aug 29)
  - Re: ProFTPD Nic Bellamy (Aug 30)
- [brister () vix com: INN 2.2.1 now available] Patrick Oonk (Aug 29)
- <Possible follow-ups>
- proftpd Przemyslaw Frasunek (Aug 29)