net-ftp/ftpd/files/ftpd-0.17+ssl-0.3-overflowpatch.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14

--- linux-ftpd-0.17/ftpd/ftpd.c	2005-11-05 17:04:53.000000000 -0600
+++ linux-ftpd-0.17-patched/ftpd/ftpd.c	2005-11-05 17:11:54.000000000 -0600
@@ -2082,9 +2082,9 @@
 	va_start(ap);
 #endif
 #ifdef USE_SSL
-        /* assemble the output into a buffer */
+        /* assemble the output into a buffer, checking for length*/
 	sprintf(outputbuf,"%d ",n);
-	vsprintf(outputbuf+strlen(outputbuf),fmt,ap);
+	vsnprintf(outputbuf+strlen(outputbuf),2048-(strlen(outputbuf) + 3),fmt,ap);
 	strcat(outputbuf,"\r\n");
 
 	if (ssl_debug_flag)