Bugtraq mailing list archives
Re: ProFTPD
From: dumped () SEKURE ORG (dumped)
Date: Sun, 29 Aug 1999 11:27:48 -0300
Here goes the fix. dumped Sekure SDI On Fri, 27 Aug 1999 acidrain () HACKBOX COM wrote: --- proftpd-1.2.0pre2.orig/modules/mod_xfer.c Sun Aug 29 11:17:42 1999 +++ proftpd-1.2.0pre2/modules/mod_xfer.c Sun Aug 29 11:22:24 1999 @@ -28,6 +28,11 @@ * _translate_ascii was returning a buffer larger than the max buffer * size causing memory overrun and all sorts of neat corruption. * Status: Stomped + * + * 8/29/99 1.2.0pre2 + * + * Fixed 2 exploitable buffer overflows + * dumped () sekure org * */ @@ -181,7 +186,7 @@ /* otherwise everthing is good */ p = mod_privdata_alloc(cmd,"stor_filename",strlen(dir)+1); - strcpy(p->value.str_val,dir); + strncpy(p->value.str_val, dir, strlen(p->value.str_val)); return HANDLED(cmd); } @@ -374,7 +379,7 @@ /* otherwise everthing is good */ p = mod_privdata_alloc(cmd,"retr_filename",strlen(dir)+1); - strcpy(p->value.str_val,dir); + strncpy(p->value.str_val,dir, sizeof(p->value.str_val)); return HANDLED(cmd); }
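Review bot: The changelog entry added to the header comment (hunk at -28) says two overflows were fixed but not where. The entry above it names the function involved (_translate_ascii) and ends with a Status line. Name the two copies this patch touches (the stor_filename and retr_filename strcpy calls) and follow the same layout, so the history stays useful to someone auditing the file later.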
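Review bot: In the hunk at -181 (stor_filename), the strncpy bound is strlen(p->value.str_val), which measures whatever the freshly allocated destination currently contains, not its capacity. If the allocator returns zeroed memory, nothing is copied and the filename is lost. If the memory is uninitialized, the length is unpredictable and can run past the allocation. The context line just above requests strlen(dir)+1 bytes from mod_privdata_alloc, so compute that value once into a local, pass it to both the allocation and the copy, and write the terminating NUL explicitly, since strncpy does not add one when it truncates.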
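Review bot: In the hunk at -374 (retr_filename), the bound is sizeof(p->value.str_val), which equals the buffer length only if str_val is declared as an array. The declaration is not visible in this diff. If it is a char pointer, the copy is capped at the pointer size, leaving the filename truncated and without a terminating NUL. It also disagrees with the STOR hunk, which bounds the same kind of copy with strlen(). Use the strlen(dir)+1 that the preceding mod_privdata_alloc call requests as the bound in both places, and terminate the string explicitly.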