WU-FTPD 2.6.1 diff glob.c patch

• Previous message: Andre Oppermann: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Generic patch against globc.c for:
Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability


-- SNIP --

--- glob.c.orig	Sat Jul  1 14:17:39 2000
+++ glob.c	Wed Nov 28 00:43:38 2001
@@ -298,7 +298,7 @@

     for (lm = restbuf; *p != '{'; *lm++ = *p++)
 	continue;
-    for (pe = ++p; *pe; pe++)
+    for (pe = ++p; *pe; pe++) {
 	switch (*pe) {

 	case '{':
@@ -314,11 +314,19 @@
 	case '[':
 	    for (pe++; *pe && *pe != ']'; pe++)
 		continue;
+	    if (!*pe) {
+		globerr = "Missing ]";
+		return (0);
+	    }
 	    continue;
 	}
+    }
   pend:
-    brclev = 0;
-    for (pl = pm = p; pm <= pe; pm++)
+    if (brclev || !*pe) {
+	globerr = "Missing }";
+	return (0);
+    }
+    for (pl = pm = p; pm <= pe; pm++) {
 	switch (*pm & (QUOTE | TRIM)) {

 	case '{':
@@ -352,19 +360,18 @@
 		return (1);
 	    sort();
 	    pl = pm + 1;
-	    if (brclev)
-		return (0);
 	    continue;

 	case '[':
 	    for (pm++; *pm && *pm != ']'; pm++)
 		continue;
-	    if (!*pm)
-		pm--;
+	    if (!*pm) {
+		globerr = "Missing ]";
+		return (0);
+	    }
 	    continue;
 	}
-    if (brclev)
-	goto doit;
+    }
     return (0);
 }

@@ -416,11 +423,10 @@
 		else if (scc == (lc = cc))
 		    ok++;
 	    }
-	    if (cc == 0)
-		if (ok)
-		    p--;
-		else
-		    return 0;
+	    if (cc == 0) {
+		globerr = "Missing ]";
+		return (0);
+	    }
 	    continue;

 	case '*':

• Next message: Iván Arce: "CORE-20011001: Wu-FTP glob heap corruption vulnerability"
• Previous message: Andre Oppermann: "Re: *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 17:15:48 PST