From owner-freebsd-bugs Thu Dec 7 4: 0: 6 2000 From owner-freebsd-bugs@FreeBSD.ORG Thu Dec 7 04:00:05 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7C4E637B400 for ; Thu, 7 Dec 2000 04:00:04 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eB7C04f30017; Thu, 7 Dec 2000 04:00:04 -0800 (PST) (envelope-from gnats) Date: Thu, 7 Dec 2000 04:00:04 -0800 (PST) Message-Id: <200012071200.eB7C04f30017@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Dag-Erling Smorgrav Subject: Re: bin/23352: [SECURITY] buffer overflow in opieftpd Reply-To: Dag-Erling Smorgrav Sender: gnats@FreeBSD.org Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/23352; it has been noted by GNATS. From: Dag-Erling Smorgrav To: venglin@freebsd.lublin.pl Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: bin/23352: [SECURITY] buffer overflow in opieftpd Date: 07 Dec 2000 12:54:15 +0100 venglin@freebsd.lublin.pl writes: > ftpd_popen() from opieftpd contains buffer overflow. opieftpd is not > compiled by default. While you're there, you might want to rewrite ftpd_popen() (both in opieftpd and regular ftpd - they should be identical, or at least very similar) so that it takes a list of arguments instead of a single string which it breaks into arguments. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message