Here goes the fix. dumped Sekure SDI On Fri, 27 Aug 1999 [EMAIL PROTECTED] wrote:
--- proftpd-1.2.0pre2.orig/modules/mod_xfer.c Sun Aug 29 11:17:42 1999 +++ proftpd-1.2.0pre2/modules/mod_xfer.c Sun Aug 29 11:22:24 1999 @@ -28,6 +28,11 @@ * _translate_ascii was returning a buffer larger than the max buffer * size causing memory overrun and all sorts of neat corruption. * Status: Stomped + * + * 8/29/99 1.2.0pre2 + * + * Fixed 2 exploitable buffer overflows + * [EMAIL PROTECTED] * */ @@ -181,7 +186,7 @@ /* otherwise everthing is good */ p = mod_privdata_alloc(cmd,"stor_filename",strlen(dir)+1); - strcpy(p->value.str_val,dir); + strncpy(p->value.str_val, dir, strlen(p->value.str_val)); return HANDLED(cmd); } @@ -374,7 +379,7 @@ /* otherwise everthing is good */ p = mod_privdata_alloc(cmd,"retr_filename",strlen(dir)+1); - strcpy(p->value.str_val,dir); + strncpy(p->value.str_val,dir, sizeof(p->value.str_val)); return HANDLED(cmd); }