On Wed, Apr 18, 2001 at 09:47:34AM +0300, Vladimir Terziev wrote:
>
> Hi hackers,
>
>
> I saw the security-advisory about globbing vulnerability in ftpd and I
> tryed to patch my FreeBSD 4.0, but I got an error:
>
> /usr/src/lib/libc/../libc/gen/glob.c: In function `glob':
> /usr/src/lib/libc/../libc/gen/glob.c:171: `GLOB_MAXPATH' undeclared
>
> and the next
>
> /usr/src/lib/libc/../libc/gen/glob.c: In function `globextend':
> /usr/src/lib/libc/../libc/gen/glob.c:689: `GLOB_LIMIT' undeclared
>
>
> I think the patch is not correct or I'm wrong?
This was discussed on the -security mailing list. Yes, the patch was missing
the include/glob.h part; try to also apply the attached patch.
G'luck,
Peter
--
If I were you, who would be reading this sentence?
===================================================================
RCS file: /home/ncvs/src/include/glob.h,v
retrieving revision 1.3
retrieving revision 1.3.6.1
diff -u -p -r1.3 -r1.3.6.1
--- src/include/glob.h 1998/02/25 02:15:59 1.3
+++ src/include/glob.h 2001/03/21 14:33:56 1.3.6.1
@@ -34,6 +34,7 @@
* SUCH DAMAGE.
*
* @(#)glob.h 8.1 (Berkeley) 6/2/93
+ * $FreeBSD: /home/ncvs/src/include/glob.h,v 1.3.6.1 2001/03/21 14:33:56 jlemon Exp $
*/
#ifndef _GLOB_H_
@@ -76,9 +77,11 @@ typedef struct {
#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
+#define GLOB_MAXPATH 0x1000 /* limit number of returned paths */
#define GLOB_NOSPACE (-1) /* Malloc call failed. */
#define GLOB_ABEND (-2) /* Unignored error. */
+#define GLOB_LIMIT (-3) /* Path limit was hit. */
__BEGIN_DECLS
int glob __P((const char *, int, int (*)(const char *, int), glob_t *));
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
