authorMike Frysinger <vapier@gentoo.org>2005-10-14 05:44:14 +0000
committerMike Frysinger <vapier@gentoo.org>2005-10-14 05:44:14 +0000
commit2460bafb9152f5e6d17669a6876c44ec3b771e98 (patch)
treea324013cb23f308f06d3ebfe2d0e3a0d2c8af2c6 /net-ftp/ftp/files
parentadd docs (diff)
Grab segv patch from Fedora, make sure we fixup the ssl port code since ipv6 changes it, and fix a segfault when using strcpy() on the same areas of memory #104311.
(Portage version: 2.0.53_rc5)
Diffstat (limited to 'net-ftp/ftp/files')
-rw-r--r--net-ftp/ftp/files/digest-ftp-0.17-r61
-rw-r--r--net-ftp/ftp/files/netkit-ftp-0.17-dont-strcpy-overlapping.patch53
-rw-r--r--net-ftp/ftp/files/netkit-ftp-0.17-ipv6.patch20
-rw-r--r--net-ftp/ftp/files/netkit-ftp-0.17-segv.patch90
4 files changed, 164 insertions, 0 deletions
diff --git a/net-ftp/ftp/files/digest-ftp-0.17-r6 b/net-ftp/ftp/files/digest-ftp-0.17-r6
new file mode 100644
index 000000000000..d98bdd29a960
--- /dev/null
+++ b/net-ftp/ftp/files/digest-ftp-0.17-r6
@@ -0,0 +1 @@
+MD5 94441610c9b86ef45c4c6ec609444060 netkit-ftp-0.17.tar.gz 53934
diff --git a/net-ftp/ftp/files/netkit-ftp-0.17-dont-strcpy-overlapping.patch b/net-ftp/ftp/files/netkit-ftp-0.17-dont-strcpy-overlapping.patch
new file mode 100644
index 000000000000..dc08c8710a5e
--- /dev/null
+++ b/net-ftp/ftp/files/netkit-ftp-0.17-dont-strcpy-overlapping.patch
@@ -0,0 +1,53 @@
+http://bugs.gentoo.org/104311
+
+From the strncpy(3) manpage:
+The strings may not overlap, and the destination string dest must be large
+enough to receive the copy.
+
+ftp.c:1812:Bounds error: in strncpy with 0x4 for 63 and 0x4 for 1, source and destination objects overlap.
+ftp.c:1812: Pointer value: 0x4
+ftp.c:1812: Object `*proxstruct.3':
+ftp.c:1812: Address in memory: 0x0 .. 0x7
+ftp.c:1812: Size: 8408 bytes
+ftp.c:1812: Element size: 1 bytes
+ftp.c:1812: Number of elements: 8408
+ftp.c:1812: Storage class: static
+Aborted
+
+The bug is hit when ftp.c's pswitch() is called multiple times:
+
+static struct comvars { char name[]; } proxstruct, tmpstruct;
+struct comvars *ip, *op;
+...
+if (flag) {
+ ip = &tmpstruct;
+ op = &proxstruct;
+} else {
+ ip = &proxstruct;
+ op = &tmpstruct;
+}
+...
+if (hostname)
+ strncpy(ip->name, hostname, sizeof(ip->name) - 1);
+...
+hostname = op->name;
+
+so if the code path is:
+ hostname = NULL
+ pswitch(0)
+ hostname = op->name (tmpstruct.name)
+ pswitch(1)
+ strncpy(ip->name (tmpstruct.name), hostname, ...)
+bad things happen
+
+--- ftp/ftp.c
++++ ftp/ftp.c
+@@ -1808,7 +1808,7 @@
+ }
+ ip->connect = connected;
+ connected = op->connect;
+- if (hostname) {
++ if (hostname && ip->name != hostname) {
+ (void) strncpy(ip->name, hostname, sizeof(ip->name) - 1);
+ ip->name[sizeof(ip->name) - 1] = '\0';
+ }
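Review bot: The new guard `ip->name != hostname` needs a comment stating the invariant it depends on. Pointer equality catches every aliasing case only because, as far as the header's excerpt shows, hostname is assigned the start of a name buffer (`hostname = op->name`). Something like `/* hostname may already point at ip->name after an earlier pswitch(); strncpy() on overlapping objects is undefined */` would do. Without it the condition reads as an odd micro-optimisation and is easy to drop in a later cleanup. pswitch() starts and ends outside the hunk, so whether its other copies take pointer sources that can alias in the same way cannot be checked from here.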
diff --git a/net-ftp/ftp/files/netkit-ftp-0.17-ipv6.patch b/net-ftp/ftp/files/netkit-ftp-0.17-ipv6.patch
index defc6d1db049..8d6279d1fbbe 100644
--- a/net-ftp/ftp/files/netkit-ftp-0.17-ipv6.patch
+++ b/net-ftp/ftp/files/netkit-ftp-0.17-ipv6.patch
@@ -105,6 +105,26 @@ http://bugs.gentoo.org/show_bug.cgi?id=47507
if (argc > 2) {
#ifdef USE_SSL
/* not really an SSL enhancement but something that
+@@ -222,7 +222,7 @@
+ * the default (unofficial) port number
+ */
+ if ((strcmp(argv[2],"ssl-ftp")==0) && (destsp==NULL))
+- port = 150;
++ port = "150";
+ else {
+ if (destsp == NULL ) {
+ printf("%s: bad port name-- %s\n",argv[1],argv[2]);
+@@ -230,7 +230,9 @@
+ code = -1;
+ return;
+ } else {
+- port = ntohs(destsp->s_port);
++ static char portbuf[10];
++ snprintf(portbuf, sizeof(portbuf), "%i", ntohs(destsp->s_port));
++ port = portbuf;
+ }
+ }
+ } else
@@ -233,20 +235,15 @@
}
} else
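Review bot: The `static` on `portbuf` in the second added hunk is load-bearing and should be commented. `port = portbuf` escapes the `else` block, so an automatic array would leave `port` dangling by the time it is used to connect. A note at the declaration, e.g. `/* static: port is read after this block ends */`, would stop it being tidied into a stack buffer later. The declaration of `port` is outside the hunk; if it is a plain `char *`, `port = "150"` stores a string literal in it, and `const char *` would be the safer type provided nothing writes through it. The buffer size itself is fine, since ntohs() yields at most five digits.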
diff --git a/net-ftp/ftp/files/netkit-ftp-0.17-segv.patch b/net-ftp/ftp/files/netkit-ftp-0.17-segv.patch
new file mode 100644
index 000000000000..53f01379bde1
--- /dev/null
+++ b/net-ftp/ftp/files/netkit-ftp-0.17-segv.patch
@@ -0,0 +1,90 @@
+Ripped from Fedora
+
+* Mon Jun 14 2004 Alan Cox <alan@redhat.com>
+- Re-arranged some totally bogus old bezerkly code that could
+ segfault ftp on connection loss. (BZ #122295)
+
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=122295
+
+--- netkit-ftp-0.17/ftp/ftp.c.segv 2004-06-14 11:04:38.000000000 -0400
++++ netkit-ftp-0.17/ftp/ftp.c 2004-06-14 11:06:46.000000000 -0400
+@@ -472,6 +472,8 @@
+ return (0);
+ }
+ lostpeer(0);
++ fclose(cout);
++ cout = NULL;
+ if (verbose) {
+ printf("421 Service not available, remote server has closed connection\n");
+ (void) fflush(stdout);
+@@ -529,7 +531,14 @@
+ cpend = 0;
+ (void) signal(SIGINT,oldintr);
+ if (code == 421 || originalcode == 421)
++ {
+ lostpeer(0);
++ if(cout)
++ {
++ fclose(cout);
++ cout = NULL;
++ }
++ }
+ if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
+ (*oldintr)(SIGINT);
+ return (n - '0');
+@@ -1790,6 +1799,11 @@
+ if (ptabflg)
+ code = -1;
+ lostpeer(0);
++ if(cout != NULL)
++ {
++ fclose(cout);
++ cout = NULL;
++ }
+ }
+ (void) getreply(0);
+ (void) getreply(0);
+@@ -1815,6 +1829,11 @@
+ perror("reset");
+ code = -1;
+ lostpeer(0);
++ if(cout != NULL)
++ {
++ fclose(cout);
++ cout = NULL;
++ }
+ }
+ else if (nfnd) {
+ (void) getreply(0);
+@@ -1897,6 +1916,11 @@
+ if (ptabflg)
+ code = -1;
+ lostpeer(0);
++ if(cout != NULL)
++ {
++ fclose(cout);
++ cout = NULL;
++ }
+ }
+ if (din && FD_ISSET(fileno(din), &mask)) {
+ while (read(fileno(din), buf, BUFSIZ) > 0)
+--- netkit-ftp-0.17/ftp/main.c.segv 2004-06-14 11:03:18.000000000 -0400
++++ netkit-ftp-0.17/ftp/main.c 2004-06-14 11:03:42.000000000 -0400
+@@ -235,8 +235,6 @@
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), 1+1);
+- fclose(cout);
+- cout = NULL;
+ }
+ if (data >= 0) {
+ shutdown(data, 1+1);
+@@ -249,8 +247,6 @@
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), 1+1);
+- fclose(cout);
+- cout = NULL;
+ }
+ connected = 0;
+ }
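Review bot: The first ftp.c hunk (`@@ -472`) calls `fclose(cout); cout = NULL;` unconditionally, while the other four sites added by this patch guard it with `if(cout)` or `if(cout != NULL)`. The main.c hunks keep an `if (cout != NULL)` test around shutdown(), which suggests cout can be NULL on this path, and fclose(NULL) is undefined behaviour. The same guard belongs here: `if (cout != NULL) { fclose(cout); cout = NULL; }`. Moving the close out of what appears to be lostpeer() also means any caller not touched by this patch (or a signal-driven invocation, if it is installed as a handler) leaves the stream open with cout still set, so the remaining call sites are worth auditing. All enclosing functions start and end outside the hunks.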