[36604] in bugtraq
Re: glFTPd local stack buffer overflow
daemon@ATHENA.MIT.EDU (Bloody_A)
Wed Sep 22 05:14:29 2004
Date: 21 Sep 2004 19:16:39 -0000
Message-ID: <20040921191639.19652.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Bloody_A <bloody_a@glftpd.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20040919041243.22505.qmail@www.securityfocus.com>
The glFTPd dupescan utility is an extra tool provided by the glFTPd team to give users the possibility to search the dupelog from the shell. glFTPd does not use this program for normal operation.
A patch to fix this problem has been made available on the glFTPd homepage (http://www.glftpd.com) and will be included in the next release. Below i have included the patch.
--- dupescan.pactch ---
--- bin/sources/dupescan.c 2003-11-24 14:52:14.000000000 +0100
+++ bin/sources/dupescan.c 2004-09-19 14:23:04.000000000 +0200
@@ -51,7 +51,8 @@
read_conf_datapath(Temp);
sprintf(dupefile, "%s/logs/dupefile", Temp);
- strcpy(dupename, argv[1]);
+ strncpy(dupename, argv[1], sizeof(dupename)-1);
+ dupename[sizeof(dupename)-1] = '\0';
if((fp = fopen(dupefile, "r")) == NULL)
return 0;
--- dupescan.pactch ---
