From 9ab20310d997d27db35705f05d6abe8e690e80aa Mon Sep 17 00:00:00 2001
From: Michal Ruprich
Date: Dec 18 2018 18:35:29 +0000
Subject: Resolves: #1624949 - netkit ftp client buffer overflow in makeargv()
---
diff --git a/ftp.spec b/ftp.spec
index c8e4914..ed3dae7 100644
--- a/ftp.spec
+++ b/ftp.spec
@@ -1,7 +1,7 @@
 Summary: The standard UNIX FTP (File Transfer Protocol) client
 Name: ftp
 Version: 0.17
-Release: 78%{?dist}
+Release: 79%{?dist}
 License: BSD with advertising
 Group: Applications/Internet
 Source0: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-ftp-%{version}.tar.gz
@@ -40,6 +40,7 @@ Patch31: netkit-ftp-0.17-commands-leaks.patch
 Patch32: netkit-ftp-0.17-lsn-timeout.patch
 Patch33: netkit-ftp-0.17-getlogin.patch
 Patch34: netkit-ftp-0.17-token.patch
+Patch35: netkit-ftp-0.17-linelen-segfault.patch
 BuildRequires: glibc-devel, readline-devel, ncurses-devel
 BuildRequires: perl-interpreter, gcc
@@ -88,6 +89,7 @@ file transfers.
 %patch32 -p1 -b .lsn-timeout
 %patch33 -p1 -b .getlogin
 %patch34 -p1 -b .token
+%patch35 -p1 -b .linelen-segfault
 %build
 sh configure --with-c-compiler=gcc --enable-ipv6
@@ -117,6 +119,9 @@ make INSTALLROOT=${RPM_BUILD_ROOT} install
 %{_mandir}/man5/netrc.*
 %changelog
+* Tue Dec 18 2018 Michal Ruprich - 0.17-79
+- Resolves: #1624949 - netkit ftp client buffer overflow in makeargv()
+
 * Mon Jul 23 2018 Michal Ruprich - 0.17-78
 - Resolves: #1604015 - ftp: FTBFS in Fedora rawhide
diff --git a/netkit-ftp-0.17-linelen-segfault.patch b/netkit-ftp-0.17-linelen-segfault.patch
new file mode 100644
index 0000000..a16db58
--- /dev/null
+++ b/netkit-ftp-0.17-linelen-segfault.patch
@@ -0,0 +1,23 @@
+diff -up netkit-ftp-0.17/ftp/ftp.c.orig netkit-ftp-0.17/ftp/ftp.c
+diff -up netkit-ftp-0.17/ftp/ftp_var.h.orig netkit-ftp-0.17/ftp/ftp_var.h
+diff -up netkit-ftp-0.17/ftp/main.c.orig netkit-ftp-0.17/ftp/main.c
+--- netkit-ftp-0.17/ftp/main.c.orig 2018-09-03 16:49:16.459000000 +0200
++++ netkit-ftp-0.17/ftp/main.c 2018-09-03 17:00:14.853452345 +0200
+@@ -399,7 +399,7 @@ int slrflag;
+ char **
+ makeargv(int *pargc, char **parg)
+ {
+- static char *rargv[20];
++ static char *rargv[LINELEN];
+ int rargc = 0;
+ char **argp;
+
+@@ -407,7 +407,7 @@ makeargv(int *pargc, char **parg)
+ stringbase = line; /* scan from first of buffer */
+ argbase = argbuf; /* store from first of buffer */
+ slrflag = 0;
+- while ((*argp++ = slurpstring())!=NULL)
++ while ((rargc < LINELEN) && (*argp++ = slurpstring())!=NULL)
+ rargc++;
+
+ *pargc = rargc;
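Review bot: If the new `rargc < LINELEN` test in the second inner hunk is ever what ends the loop, all LINELEN slots of `rargv` already hold tokens and no NULL terminator has been stored, so a caller walking the returned vector to NULL would read past the array. Stopping one slot short and terminating explicitly closes that gap: `while ((rargc < LINELEN - 1) && (*argp++ = slurpstring()) != NULL)` with `rargv[rargc] = NULL;` after the loop. The cap also drops the remaining arguments silently, so a short comment or a diagnostic at that point would help; writing the bound as `sizeof rargv / sizeof rargv[0]` would keep it tied to the array rather than to the line-buffer constant. The rest of makeargv, the definition of LINELEN and the size of `line` are outside the hunk, so whether the cap can be reached in practice cannot be confirmed from here.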