From a673035911af89a426dfbe0f321b7a94c45e4444 Mon Sep 17 00:00:00 2001
From: Shaun Amott <shaun@FreeBSD.org>
Date: Wed, 15 Nov 2006 00:05:59 +0000
Subject: Add a patch from CVS to fix a security vulnerability.

PR:		ports/105510
Submitted by:	Alex Samorukov <samm@os2.kiev.ua>
Approved by:	Beech Rintoul <beech@alaskaparadise.com> (maintainer)
Security:	VuXML cca97f5f-7435-11db-91de-0008743bf21a
---
 ftp/proftpd-devel/Makefile           |  2 +-
 ftp/proftpd-devel/files/patch-main.c | 46 ++++++++++++++++++++++++++++++++++++
 ftp/proftpd/Makefile                 |  2 +-
 ftp/proftpd/files/patch-main.c       | 46 ++++++++++++++++++++++++++++++++++++
 4 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 ftp/proftpd-devel/files/patch-main.c
 create mode 100644 ftp/proftpd/files/patch-main.c

(limited to 'ftp')

diff --git a/ftp/proftpd-devel/Makefile b/ftp/proftpd-devel/Makefile
index 05dff1f4a308..5c7ccf8d6f68 100644
--- a/ftp/proftpd-devel/Makefile
+++ b/ftp/proftpd-devel/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	proftpd
 DISTVERSION=	1.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
 		ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd-devel/files/patch-main.c b/ftp/proftpd-devel/files/patch-main.c
new file mode 100644
index 000000000000..10b29b39584e
--- /dev/null
+++ b/ftp/proftpd-devel/files/patch-main.c
@@ -0,0 +1,46 @@
+--- src/main.c.orig	Wed Mar 15 21:41:01 2006
++++ src/main.c	Tue Nov 14 08:47:12 2006
+@@ -116,6 +116,8 @@
+ 
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+ 
++#define PR_DEFAULT_CMD_BUFSZ	512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@
+       pr_timer_reset(TIMER_IDLE, NULL);
+ 
+     if (cmd_buf_size == -1) {
+-      long *buf_size = get_param_ptr(main_server->conf,
+-        "CommandBufferSize", FALSE);
+-
+-      if (buf_size == NULL || *buf_size <= 0)
+-        cmd_buf_size = 512;
++      int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++        FALSE);
+ 
+-      else if (*buf_size + 1 > sizeof(buf)) {
+-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+-          "Resetting to 512.");
+-	cmd_buf_size = 512;
++      if (bufsz == NULL ||
++          *bufsz <= 0) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz + 1 > sizeof(buf)) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++	cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else {
++        pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++        cmd_buf_size = (long) *bufsz;
+       }
+     }
+ 
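Review bot: The first branch of the rewritten `cmd_buf_size == -1` block is taken when `bufsz == NULL`, yet its `pr_log_pri()` call passes `*bufsz` as an argument, so a server with no CommandBufferSize directive would dereference a null pointer here (assuming `get_param_ptr()` returns NULL for an unset directive, as the check implies). The removed code handled that case silently; the unset case should be split off before anything is logged, e.g. `if (bufsz == NULL) { cmd_buf_size = PR_DEFAULT_CMD_BUFSZ; } else if (*bufsz <= 0) {`, which also stops an "invalid" warning being emitted when nothing was configured. The pointer type also changes from `long *` to `int *`; that is only correct if the directive's handler stores an `int`, which is not visible in this hunk and is worth confirming. The identical patch added as ftp/proftpd/files/patch-main.c needs the same change, and the enclosing function and the declaration of `buf` lie outside the hunk.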
diff --git a/ftp/proftpd/Makefile b/ftp/proftpd/Makefile
index 05dff1f4a308..5c7ccf8d6f68 100644
--- a/ftp/proftpd/Makefile
+++ b/ftp/proftpd/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	proftpd
 DISTVERSION=	1.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
 		ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \
diff --git a/ftp/proftpd/files/patch-main.c b/ftp/proftpd/files/patch-main.c
new file mode 100644
index 000000000000..10b29b39584e
--- /dev/null
+++ b/ftp/proftpd/files/patch-main.c
@@ -0,0 +1,46 @@
+--- src/main.c.orig	Wed Mar 15 21:41:01 2006
++++ src/main.c	Tue Nov 14 08:47:12 2006
+@@ -116,6 +116,8 @@
+ 
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+ 
++#define PR_DEFAULT_CMD_BUFSZ	512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@
+       pr_timer_reset(TIMER_IDLE, NULL);
+ 
+     if (cmd_buf_size == -1) {
+-      long *buf_size = get_param_ptr(main_server->conf,
+-        "CommandBufferSize", FALSE);
+-
+-      if (buf_size == NULL || *buf_size <= 0)
+-        cmd_buf_size = 512;
++      int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++        FALSE);
+ 
+-      else if (*buf_size + 1 > sizeof(buf)) {
+-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+-          "Resetting to 512.");
+-	cmd_buf_size = 512;
++      if (bufsz == NULL ||
++          *bufsz <= 0) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz + 1 > sizeof(buf)) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++	cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else {
++        pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++        cmd_buf_size = (long) *bufsz;
+       }
+     }
+ 