DoS in PureFTPd - continue.

[Adam Zabrocki <pi3ki31ny () wp pl>]

DoS in PureFTPd - continue.

     After carefully read the source PureFTPd and talk with autor PureFTPd i must apologize for false alarm about DoS 
in PureFTPd, becouse the messy code will never be executed. Looked once more for source - function displayrate():

"in file src/ftpd.c"
static void displayrate(const char *word, off_t size,
                        const double started,
                        const char * const name, int up)
{
...
...
        char *resolved_path;
...
...
        resolved_path[sizeof_resolved_path - 1U] = 0;
        if (realpath(name, resolved_path) == NULL) {
...
...
        if (resolved_path[sizeof_resolved_path - 1U] != 0) {
            for (;;) {
                *resolved_path++ = 0;
            }
        }
...
...
}

After do loop for() PureFTPd exec is function realpath() (in file src/bsd-realpath.c function bsd_realpath()). Looked 
for her carefully:

"src/bsd_realpath.c"
char *bsd_realpath(const char *path, char *resolved)
{
    char wbuf[MAXPATHLEN + 1U];
...
...
    if (strlen(resolved) + strlen(wbuf) + (size_t) needslash + 
               (size_t) 1U > sizeof_resolved) { 
     errno = ENAMETOOLONG; 
     goto err1; 
    }
...
...
        (void) strcat(resolved, wbuf); /* flawfinder: ignore - safe, see above */
...
...
}

Before do strcat() and write to specific memory string (to do messy code that memory must be writed) function check the 
len and when he was longer then sizeof_resolved (sizeof_resolved is MAXPATHLEN) then function return ENAMETOOLONG. It 
indemnifies before DoS.

Regards Adam Zabrocki (pi3).