[7015] in bugtraq
Re: ncftp 2.4.3 bug
daemon@ATHENA.MIT.EDU (Liviu Daia)
Tue Jun 23 16:13:38 1998
Date: Tue, 23 Jun 1998 19:35:01 +0300
Reply-To: daia@stoilow.imar.ro
From: Liviu Daia <daia@STOILOW.IMAR.RO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980622180248.AAA6361@mike_gleason>; from Mike Gleason on Mon,
Jun 22, 1998 at 01:10:44PM -0500
On 22 June 1998, Mike Gleason <mgleason@NCFTP.COM> wrote:
[...]
> As for this particular bug, it crashes because ncftp 2.x was trying to
> copy from a NULL pointer. So, no buffer exploit. Version 3 (still
> beta) handles it just fine. The official gospel is to upgrade to
> version 3, since the bug doesn't occur naturally in the wild.
[...]
However, some people might still want to stick with version 2.4.3,
since a few useful (IMHO) features have been removed along the way to
version 3. :-) So here's a simple fix, for the sake of the old days:
--- Cmds.c.old Fri Mar 20 04:02:07 1998
+++ Cmds.c Tue Jun 23 19:15:53 1998
@@ -241,7 +241,7 @@
* if we can parse out the new directory without
* doing a PWD command.
*/
- if (cwdrp != NULL) {
+ if (cwdrp != NULL && cwdrp->msg.first != NULL) {
/* "xxxx" is new cwd.
* Strip out just the xxxx to copy into the remote cwd.
*/
Regards,
Liviu
--
Dr. Liviu Daia e-mail: daia@stoilow.imar.ro
Institute of Mathematics web page: http://www.imar.ro/~daia
of the Romanian Academy PGP key: finger daia@stoilow.imar.ro
