Re: glFTPd local stack buffer overflow
From: Bloody_A (bloody_a_at_glftpd.com)
Date: 09/21/04
- Previous message: thomas adams: "CA UniCenter Management Portal Username Enumeration Vulnerability"
- Maybe in reply to: CoKi: "glFTPd local stack buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Sep 2004 19:16:39 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <20040919041243.22505.qmail@www.securityfocus.com>
The glFTPd dupescan utility is an extra tool provided by the glFTPd team to give users the possibility to search the dupelog from the shell. glFTPd does not use this program for normal operation.
A patch to fix this problem has been made available on the glFTPd homepage (http://www.glftpd.com) and will be included in the next release. Below i have included the patch.
--- dupescan.pactch ---
--- bin/sources/dupescan.c 2003-11-24 14:52:14.000000000 +0100
+++ bin/sources/dupescan.c 2004-09-19 14:23:04.000000000 +0200
@@ -51,7 +51,8 @@
read_conf_datapath(Temp);
sprintf(dupefile, "%s/logs/dupefile", Temp);
- strcpy(dupename, argv[1]);
+ strncpy(dupename, argv[1], sizeof(dupename)-1);
+ dupename[sizeof(dupename)-1] = '\0';
if((fp = fopen(dupefile, "r")) == NULL)
return 0;
--- dupescan.pactch ---
- Previous message: thomas adams: "CA UniCenter Management Portal Username Enumeration Vulnerability"
- Maybe in reply to: CoKi: "glFTPd local stack buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
