Date: Fri, 23 Jun 2000 21:11:46 -0700 (PDT) From: dima@rdy.com (Dima Ruban) To: Koga Youichirou <y-koga@jp.FreeBSD.org> Cc: wollman@khavrinen.lcs.mit.edu, silby@silby.com, freebsd-security@FreeBSD.ORG Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 Message-ID: <200006240411.VAA82687@sivka.rdy.com> In-Reply-To: <20000624013253.13481.qmail@smtp.246.ne.jp> "from Koga Youichirou at Jun 24, 2000 10:32:21 am"
next in thread | previous in thread | raw e-mail | index | archive | help
What's the purpose of this patch? I didn't look at the code, but to me it sounds like it's pretty much irrelevant whether you gonna use ``foo(fmt, string)'' or ``foo(string)'' Koga Youichirou writes: > Garrett Wollman <wollman@khavrinen.lcs.mit.edu>: > > Here's a patch (mangled by cut&paste) which hacks around the problem. > > Debian team has already released a fixed package. > A patch is available from: > > http://security.debian.org/dists/potato/updates/main/source/wu-ftpd_2.6.0-5.1.diff.gz > > Then I checked it and I found that there are some other undesirable > codes in ftpd.c. Probably these codes do not lead to security flaw, > but I think that they should be corrected. > > Following patch corrects them (incl. a part of debian's patch), > and I have sent it to wu-ftpd development team. > > Index: ftpcmd.y > =================================================================== > RCS file: /usr/cvs/src/wu-ftpd/src/ftpcmd.y,v > retrieving revision 1.1.1.1 > diff -u -r1.1.1.1 ftpcmd.y > --- ftpcmd.y 1999/10/21 11:50:51 1.1.1.1 > +++ ftpcmd.y 2000/06/23 08:19:30 > @@ -1926,13 +1926,13 @@ > } > if (!maxfound) > maxlines = defmaxlines; > - lreply(200, cmd); > + lreply(200, "%s", cmd); > while (fgets(buf, sizeof buf, cmdf)) { > size_t len = strlen(buf); > > if (len > 0 && buf[len - 1] == '\n') > buf[--len] = '\0'; > - lreply(200, buf); > + lreply(200, "%s", buf); > if (maxlines <= 0) > ++lines; > else if (++lines >= maxlines) { > Index: ftpd.c > =================================================================== > RCS file: /usr/cvs/src/wu-ftpd/src/ftpd.c,v > retrieving revision 1.1.1.1.2.10 > diff -u -r1.1.1.1.2.10 ftpd.c > --- ftpd.c 2000/03/17 02:01:57 1.1.1.1.2.10 > +++ ftpd.c 2000/06/23 08:47:21 > @@ -2012,9 +2012,9 @@ > s = strsep(&cp, "\n"); > if (cp == NULL || *cp == '\0') > break; > - lreply(331, s); > + lreply(331, "%s", s); > } > - reply(331, s); > + reply(331, "%s", s); > } > else { > #endif > @@ -2495,7 +2495,7 @@ > #ifdef BSD_AUTH > if (ext_auth) { > if ((salt = check_auth(the_user, passwd))) { > - reply(530, salt); > + reply(530, "%s", salt); > #ifdef LOG_FAILED /* 27-Apr-93 EHK/BM */ > syslog(LOG_INFO, "failed login from %s", > remoteident); > @@ -3160,7 +3160,7 @@ > reply(230, "User %s logged in.%s", pw->pw_name, guest ? > " Access restrictions apply." : ""); > sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); > - setproctitle(proctitle); > + setproctitle("%s", proctitle); > if (logging) > syslog(LOG_INFO, "FTP LOGIN FROM %s, %s", remoteident, pw->pw_name); > /* H* mod: if non-anonymous user, copy it to "authuser" so everyone can > @@ -5908,7 +5908,7 @@ > > remotehost[sizeof(remotehost) - 1] = '\0'; > sprintf(proctitle, "%s: connected", remotehost); > - setproctitle(proctitle); > + setproctitle("%s", proctitle); > > wu_authenticate(); > /* Create a composite source identification string, to improve the logging > @@ -6318,7 +6318,7 @@ > dirlist = ftpglob(whichfiles); > sdirlist = dirlist; /* save to free later */ > if (globerr != NULL) { > - reply(550, globerr); > + reply(550, "%s", globerr); > goto globfree; > } > else if (dirlist == NULL) { > > > Regards, > > -- Koga, Youichirou > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006240411.VAA82687>