oss-sec mailing list archives
Several out of bounds reads in ProFTPD
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 11 Mar 2016 17:25:15 +0100
https://blog.fuzzing-project.org/40-Several-out-of-bounds-reads-in-ProFTPD.html The latest releases of ProFTPD 1.3.5a and 1.3.6rc2 fix several out of bounds read issues. I discovered these issues by running the test suite with Address Sanitizer enabled. An invalid off by one read can happen in the function pr_fs_dircat(). This affects both 1.3.5a and 1.3.6rc1 and earlier. http://bugs.proftpd.org/show_bug.cgi?id=4194 Upstream bug report https://github.com/proftpd/proftpd/commit/f99ef850a05f46c56be8deae97e59efa50575e69 Git commit / fix An invalid off by one read can happen in the string handling function pr_ascii_ftp_to_crlf(). This code is not present in the stable 1.3.5 release series and only affects 1.3.6 release candidates before rc2. http://bugs.proftpd.org/show_bug.cgi?id=4195 Upstream bug report https://github.com/proftpd/proftpd/pull/145 Git commit / fix A missing null termination of a string causes an out of bounds memory read in a test. This does not affect the ProFTPD code itself, it's just an issue in the test suite. http://bugs.proftpd.org/show_bug.cgi?id=4193 Upstream bug report https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697 Git commit / fix -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Several out of bounds reads in ProFTPD Hanno Böck (Mar 11)
- Re: Several out of bounds reads in ProFTPD Moritz Mühlenhoff (Mar 11)