Security update

author: Daniel Ahlberg <aliz@gentoo.org> 2003-06-08 18:15:13 +0000
committer: Daniel Ahlberg <aliz@gentoo.org> 2003-06-08 18:15:13 +0000
commit: e67102c175f63058cc7b6b78c96d47935ba2bbfc (patch)
tree: 7ee5ed2215903b3730ef3ae4757634f2e7fda95b /net-ftp/atftp/files
parent: added a todo (diff)
download: gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.tar.gz
gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.tar.bz2
gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.zip
2 files changed, 13 insertions, 0 deletions
diff --git a/net-ftp/atftp/files/atftp-0.6-security.patch b/net-ftp/atftp/files/atftp-0.6-security.patch
new file mode 100644
index 000000000000..1646018ca9d3
--- /dev/null
+++ b/net-ftp/atftp/files/atftp-0.6-security.patch
@@ -0,0 +1,12 @@
+--- tftpd_file.c	Tue Mar 12 05:26:18 2002
++++ tftpd_file_diff.c	Thu Jun  5 20:31:06 2003
+@@ -357,7 +357,8 @@
+      else
+      {
+           strcpy(filename, directory);
+-          strncat(filename, data->tftp_options[OPT_FILENAME].value, VAL_SIZE);
++          strncat(filename, data->tftp_options[OPT_FILENAME].value, 
++		VAL_SIZE - strlen( directory ) - 1 );
+      }
+ 
+      /* If the filename contain /../ sequences, we forbid the access */
diff --git a/net-ftp/atftp/files/digest-atftp-0.6-r2 b/net-ftp/atftp/files/digest-atftp-0.6-r2
new file mode 100644
index 000000000000..5cfcb463e4a5
--- /dev/null
+++ b/net-ftp/atftp/files/digest-atftp-0.6-r2
@@ -0,0 +1 @@
+MD5 fcbc9118b02fa2090046be987b1e1aec atftp-0.6.tar.gz 119898
author	Daniel Ahlberg <aliz@gentoo.org>	2003-06-08 18:15:13 +0000
committer	Daniel Ahlberg <aliz@gentoo.org>	2003-06-08 18:15:13 +0000
commit	e67102c175f63058cc7b6b78c96d47935ba2bbfc (patch)
tree	7ee5ed2215903b3730ef3ae4757634f2e7fda95b /net-ftp/atftp/files
parent	added a todo (diff)
download	gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.tar.gz gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.tar.bz2 gentoo-2-e67102c175f63058cc7b6b78c96d47935ba2bbfc.zip