[3921] in bugtraq
Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH
daemon@ATHENA.MIT.EDU (Henrik P Johnson)
Tue Jan 14 19:12:05 1997
Date: Sun, 12 Jan 1997 19:56:01 +0100
Reply-To: Henrik P Johnson <hpj@one.se>
From: Henrik P Johnson <hpj@one.se>
X-To: Dave Kinchlea <security@kinch.ark.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.95.970105223438.8237D-100000@kinch.ark.com>
Below comes a hopefully improved version of the sigfix.c file to fix wu-ftp.
This will block signals while within crucial parts of the FTP server, yet the
signals will occur after resumesigs is called. I have no idea of how
portable this may or may not be, but it seems to work on HP, OSF, Linux and
Solaris. Otherwise the patch as supplied by Dave Kinchlea
<security@kinch.ark.com> should be applied.
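/* ######################### sigfix.c ################################# */
#include <signal.h>

/* Block SIGPIPE and SIGURG while inside crucial parts of the FTP server. */
void
#ifdef __STDC__
suspendsigs(void)
#else
suspendsigs()
#endif
{
    sigset_t sset;

    /* sigset_t is opaque: build the set with sigemptyset()/sigaddset() */
    sigemptyset(&sset);
#ifdef SIGPIPE
    sigaddset(&sset, SIGPIPE);
#endif
#ifdef SIGURG
    sigaddset(&sset, SIGURG);
#endif
    sigprocmask(SIG_BLOCK, &sset, NULL);
}

/* Unblock the same signals; any that arrived while blocked are delivered now. */
void
#ifdef __STDC__
resumesigs(void)
#else
resumesigs()
#endif
{
    sigset_t sset;

    sigemptyset(&sset);
#ifdef SIGPIPE
    sigaddset(&sset, SIGPIPE);
#endif
#ifdef SIGURG
    sigaddset(&sset, SIGURG);
#endif
    sigprocmask(SIG_UNBLOCK, &sset, NULL);
}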
==============================================================================
Henrik P Johnson   Tel: +46-(0)31-812091    Eklandagatan 41a
GlobeCom Network   GSM: +46-(0)70-5409924   41261 Göteborg
IRC: [TC]          FAX: +46-(0)31-208460    Sweden
E-Mail: king@globecom.net king@one.se, hpj@etek.chalmers.se, hpj@tjh.se ... etc
==============================================================================
Nice site: http://www.underscore.se/sj (Swedish)
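
Added example, not part of the original post or of wu-ftpd: a small C program that checks the behaviour the message relies on, namely that a signal raised while SIGPIPE/SIGURG are blocked stays pending and is delivered once they are unblocked. The names on_urg, ftp_sigset and demo_deferred_delivery are hypothetical, and raise() is a constructed stand-in for a signal arriving mid-operation.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t urg_seen;   /* set by the handler */

static void on_urg(int signo) { (void)signo; urg_seen = 1; }

/* Same signal set the post blocks, built with the POSIX set functions. */
static void ftp_sigset(sigset_t *set)
{
    sigemptyset(set);
    sigaddset(set, SIGPIPE);
    sigaddset(set, SIGURG);
}

/* Returns 0 if delivery was deferred as expected, else a bitmask:
 * 1 = handler ran while blocked, 2 = signal not pending while blocked,
 * 4 = handler did not run after unblocking, 8 = a system call failed. */
int demo_deferred_delivery(void)
{
    struct sigaction sa;
    sigset_t set, pending;
    int bad = 0;

    sa.sa_handler = on_urg;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGURG, &sa, NULL) != 0) return 8;
    urg_seen = 0;

    ftp_sigset(&set);
    if (sigprocmask(SIG_BLOCK, &set, NULL) != 0) return 8;   /* suspendsigs() */
    raise(SIGURG);           /* constructed: signal arrives mid-operation */
    if (urg_seen) bad |= 1;
    if (sigpending(&pending) != 0 || !sigismember(&pending, SIGURG)) bad |= 2;
    if (sigprocmask(SIG_UNBLOCK, &set, NULL) != 0) return 8; /* resumesigs() */
    if (!urg_seen) bad |= 4; /* pending signal is delivered on unblock */
    return bad;
}

int main(void)
{
    int r = demo_deferred_delivery();
    printf("deferred delivery %s (code %d)\n", r ? "FAILED" : "ok", r);
    return r;
}
```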