From d2b0686adb0fb207ad0feccbfb5406bec05c2ed4 Mon Sep 17 00:00:00 2001 From: wenyuzifangtest001 Date: Fri, 12 Sep 2025 18:54:12 +0800 Subject: [PATCH] Update code from upstream --- ftp.spec | 31 +++++- netkit-ftp-0.17-acct_ovl.patch | 13 +++ netkit-ftp-0.17-case.patch | 16 +++ netkit-ftp-0.17-chkmalloc.patch | 33 ++++++ netkit-ftp-0.17-commands-leaks.patch | 13 +++ netkit-ftp-0.17-data.patch | 24 +++++ netkit-ftp-0.17-fdleak.patch | 11 ++ netkit-ftp-0.17-linelen-segfault.patch | 23 +++++ netkit-ftp-0.17-linelen.patch | 33 ++++++ netkit-ftp-0.17-longint.patch | 135 +++++++++++++++++++++++++ netkit-ftp-0.17-runique_mget.patch | 13 +++ netkit-ftp-0.17-segv.patch | 82 +++++++++++++++ netkit-ftp-0.17-sigseg.patch | 16 +++ netkit-ftp-0.17-token.patch | 75 ++++++++++++++ netkit-ftp-0.17-vsftp165083.patch | 47 +++++++++ 15 files changed, 561 insertions(+), 4 deletions(-) create mode 100644 netkit-ftp-0.17-acct_ovl.patch create mode 100644 netkit-ftp-0.17-case.patch create mode 100644 netkit-ftp-0.17-chkmalloc.patch create mode 100644 netkit-ftp-0.17-commands-leaks.patch create mode 100644 netkit-ftp-0.17-data.patch create mode 100644 netkit-ftp-0.17-fdleak.patch create mode 100644 netkit-ftp-0.17-linelen-segfault.patch create mode 100644 netkit-ftp-0.17-linelen.patch create mode 100644 netkit-ftp-0.17-longint.patch create mode 100644 netkit-ftp-0.17-runique_mget.patch create mode 100644 netkit-ftp-0.17-segv.patch create mode 100644 netkit-ftp-0.17-sigseg.patch create mode 100644 netkit-ftp-0.17-token.patch create mode 100644 netkit-ftp-0.17-vsftp165083.patch diff --git a/ftp.spec b/ftp.spec index 0adb339..fe932f9 100644 --- a/ftp.spec +++ b/ftp.spec @@ -1,13 +1,13 @@ -%define anolis_release 3 +%define anolis_release 4 Summary: The standard UNIX FTP (File Transfer Protocol) client Name: ftp -Version: 0.17 +Version: 0.17 Release: %{anolis_release}%{dist} License: BSD with advertising URL: http://ftp.linux.org.uk/pub/linux/Networking/netkit +Source0: ftp://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-ftp-0.17.tar.gz -Source0: http://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-ftp-%{version}.tar.gz Patch0001: 0001-PATCH-netkit-ftp-0.17-pre20000412.pasv-security.patch Patch0002: 0002-PATCH-netkit-ftp-0.17-acct.patch @@ -45,6 +45,20 @@ Patch0033: 0033-PATCH-netkit-ftp-0.17-getlogin.patch Patch0034: 0034-PATCH-netkit-ftp-0.17-token.patch Patch0035: 0035-PATCH-netkit-ftp-0.17-linelen-segfault.patch Patch0036: 0036-PATCH-netkit-ftp-0.17-out-of-memory.patch +Patch37: netkit-ftp-0.17-data.patch +Patch38: netkit-ftp-0.17-token.patch +Patch39: netkit-ftp-0.17-linelen-segfault.patch +Patch40: netkit-ftp-0.17-case.patch +Patch41: netkit-ftp-0.17-longint.patch +Patch42: netkit-ftp-0.17-linelen.patch +Patch43: netkit-ftp-0.17-fdleak.patch +Patch44: netkit-ftp-0.17-sigseg.patch +Patch45: netkit-ftp-0.17-runique_mget.patch +Patch46: netkit-ftp-0.17-vsftp165083.patch +Patch47: netkit-ftp-0.17-chkmalloc.patch +Patch48: netkit-ftp-0.17-commands-leaks.patch +Patch49: netkit-ftp-0.17-acct_ovl.patch +Patch50: netkit-ftp-0.17-segv.patch BuildRequires: glibc-devel, readline-devel, ncurses-devel BuildRequires: perl-interpreter, gcc @@ -136,4 +150,13 @@ make INSTALLROOT=${RPM_BUILD_ROOT} install - Optimize spec file * Wed Apr 13 2022 Zhongling He - 0.17-1 -- Init package from upstream v0.17 +- Init package from upstream v0.17* Fri Sep 12 2025 wenyuzifangtest001 - 0.17-4 +- Apply patches to prevent buffer overflow vulnerabilities and enhance security +- Fix incorrect pointer assignment to prevent logic errors and crashes +- Fix integer overflow to ensure stability and correctness for large file transfers +- Apply patch to ensure proper cleanup of the data connection after file transfers +- Apply patch to prevent crashes and ensure safe resource cleanup during connection loss +- Apply patch to prevent hangs, handle errors, and ensure robust FTP transfers with timeout support +- Apply patch to fix memory leaks and improve resource management +- Apply patch to prevent buffer overflow and ensure safe memory handling +- Fix segmentation faults and prevent resource leaks in error cases diff --git a/netkit-ftp-0.17-acct_ovl.patch b/netkit-ftp-0.17-acct_ovl.patch new file mode 100644 index 0000000..ebff49c --- /dev/null +++ b/netkit-ftp-0.17-acct_ovl.patch @@ -0,0 +1,13 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.acct_ovl netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.acct_ovl 2011-09-09 15:36:36.087956561 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2011-09-09 15:41:16.457495370 +0200 +@@ -1837,8 +1837,7 @@ account(int argc, char *argv[]) + while (argc > 1) { + --argc; + ++argv; +- strncat(buf, *argv, sizeof(buf)-strlen(buf)); +- buf[sizeof(buf)-1] = 0; ++ strncat(buf, *argv, sizeof(buf)-strlen(buf)-1); + } + ap = buf; + } diff --git a/netkit-ftp-0.17-case.patch b/netkit-ftp-0.17-case.patch new file mode 100644 index 0000000..a6eb166 --- /dev/null +++ b/netkit-ftp-0.17-case.patch @@ -0,0 +1,16 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.case netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.case 2008-04-23 14:52:59.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2008-04-23 14:58:07.000000000 +0200 +@@ -831,8 +831,11 @@ mget(int argc, char **argv) + tp++; + tp2++; + } ++ tp = tmpbuf; ++ } ++ else { ++ tp = cp; + } +- tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); diff --git a/netkit-ftp-0.17-chkmalloc.patch b/netkit-ftp-0.17-chkmalloc.patch new file mode 100644 index 0000000..f9a1210 --- /dev/null +++ b/netkit-ftp-0.17-chkmalloc.patch @@ -0,0 +1,33 @@ +diff -up netkit-ftp-0.17/ftp/ruserpass.c.chkmalloc netkit-ftp-0.17/ftp/ruserpass.c +--- netkit-ftp-0.17/ftp/ruserpass.c.chkmalloc 2008-12-01 11:54:15.000000000 +0100 ++++ netkit-ftp-0.17/ftp/ruserpass.c 2008-12-01 11:56:06.000000000 +0100 +@@ -137,7 +137,8 @@ next: + if (token()) { + if (*aname == 0) { + *aname = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*aname, tokval); ++ if (*aname != NULL) ++ (void) strcpy(*aname, tokval); + } else { + if (strcmp(*aname, tokval)) + goto next; +@@ -158,7 +159,8 @@ next: + } + if (token() && *apass == 0) { + *apass = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*apass, tokval); ++ if (*apass != NULL) ++ (void) strcpy(*apass, tokval); + } + break; + case ACCOUNT: +@@ -170,7 +172,8 @@ next: + } + if (token() && *aacct == 0) { + *aacct = malloc((unsigned) strlen(tokval) + 1); +- (void) strcpy(*aacct, tokval); ++ if (*aacct != NULL) ++ (void) strcpy(*aacct, tokval); + } + break; + case MACDEF: diff --git a/netkit-ftp-0.17-commands-leaks.patch b/netkit-ftp-0.17-commands-leaks.patch new file mode 100644 index 0000000..a2bd264 --- /dev/null +++ b/netkit-ftp-0.17-commands-leaks.patch @@ -0,0 +1,13 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.orig netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.orig 2011-09-05 14:41:34.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2011-09-05 14:44:44.000000000 +0200 +@@ -499,6 +499,9 @@ usage: + } + sendrequest(cmd, argv[1], argv[2], + argv[1] != oldargv1 || argv[2] != oldargv2); ++ if (argv[1] != oldargv1) { ++ free(argv[1]); ++ } + } + + void mabort(int); diff --git a/netkit-ftp-0.17-data.patch b/netkit-ftp-0.17-data.patch new file mode 100644 index 0000000..43157f8 --- /dev/null +++ b/netkit-ftp-0.17-data.patch @@ -0,0 +1,24 @@ +--- netkit-ftp-0.17/ftp/ftp.c.data 2005-12-02 15:31:27.000000000 +0100 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-12-02 15:35:46.000000000 +0100 +@@ -1223,6 +1223,7 @@ + static int + initconn(void) + { ++ int rc; + u_char *p, *a; + int result, tmpno = 0; + socklen_t len; +@@ -1240,6 +1241,13 @@ + } + #endif + if (passivemode) { ++ if (data >= 0){ ++ rc = close (data); ++ data = -1; ++ if (rc == -1){ ++ perror ("ftp: close"); ++ } ++ } + data_addr = hisctladdr; + data = socket(data_addr.su_family, SOCK_STREAM, 0); + if (data < 0) { diff --git a/netkit-ftp-0.17-fdleak.patch b/netkit-ftp-0.17-fdleak.patch new file mode 100644 index 0000000..0f995c5 --- /dev/null +++ b/netkit-ftp-0.17-fdleak.patch @@ -0,0 +1,11 @@ +diff -up netkit-ftp-0.17/ftp/cmds.c.old netkit-ftp-0.17/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c.old 2007-10-17 16:28:57.000000000 +0200 ++++ netkit-ftp-0.17/ftp/cmds.c 2007-10-17 16:33:41.000000000 +0200 +@@ -764,6 +764,7 @@ usage: + + recvrequest("RETR", argv[2], argv[1], modestr, + argv[1] != oldargv1 || argv[2] != oldargv2); ++ (void) close(data), data = -1; + restart_point = 0; + return (0); + } diff --git a/netkit-ftp-0.17-linelen-segfault.patch b/netkit-ftp-0.17-linelen-segfault.patch new file mode 100644 index 0000000..a16db58 --- /dev/null +++ b/netkit-ftp-0.17-linelen-segfault.patch @@ -0,0 +1,23 @@ +diff -up netkit-ftp-0.17/ftp/ftp.c.orig netkit-ftp-0.17/ftp/ftp.c +diff -up netkit-ftp-0.17/ftp/ftp_var.h.orig netkit-ftp-0.17/ftp/ftp_var.h +diff -up netkit-ftp-0.17/ftp/main.c.orig netkit-ftp-0.17/ftp/main.c +--- netkit-ftp-0.17/ftp/main.c.orig 2018-09-03 16:49:16.459000000 +0200 ++++ netkit-ftp-0.17/ftp/main.c 2018-09-03 17:00:14.853452345 +0200 +@@ -399,7 +399,7 @@ int slrflag; + char ** + makeargv(int *pargc, char **parg) + { +- static char *rargv[20]; ++ static char *rargv[LINELEN]; + int rargc = 0; + char **argp; + +@@ -407,7 +407,7 @@ makeargv(int *pargc, char **parg) + stringbase = line; /* scan from first of buffer */ + argbase = argbuf; /* store from first of buffer */ + slrflag = 0; +- while ((*argp++ = slurpstring())!=NULL) ++ while ((rargc < LINELEN) && (*argp++ = slurpstring())!=NULL) + rargc++; + + *pargc = rargc; diff --git a/netkit-ftp-0.17-linelen.patch b/netkit-ftp-0.17-linelen.patch new file mode 100644 index 0000000..2e80a3f --- /dev/null +++ b/netkit-ftp-0.17-linelen.patch @@ -0,0 +1,33 @@ +--- netkit-ftp-0.17-dist/ftp/ftp_var.h 2012-10-29 10:02:44.455342130 +0100 ++++ netkit-ftp-0.17-new/ftp/ftp_var.h 2012-10-29 10:02:31.292342775 +0100 +@@ -54,6 +54,7 @@ + #define Extern extern + #endif + ++#define LINELEN PATH_MAX+200 + + /* + * Options and other state info. +@@ -109,9 +110,9 @@ Extern int ftp_port; /* htons'd port num + + Extern sigjmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +-Extern char line[200]; /* input line buffer */ ++Extern char line[LINELEN]; /* input line buffer */ + Extern char *stringbase; /* current scan point in line buffer */ +-Extern char argbuf[200]; /* argument storage buffer */ ++Extern char argbuf[LINELEN]; /* argument storage buffer */ + Extern char *argbase; /* current storage point in arg buffer */ + Extern int cpend; /* flag: if != 0, then pending server reply */ + Extern int mflag; /* flag: if != 0, then active multi command */ +--- netkit-ftp-0.17/ftp/domacro.c 2012-10-29 10:02:44.394342130 +0100 ++++ netkit-ftp-0.17-new/ftp/domacro.c 2012-10-29 10:02:31.292342775 +0100 +@@ -53,7 +53,7 @@ domacro(int argc, char *argv[]) + register int i, j; + register char *cp1, *cp2; + int count = 2, loopflg = 0; +- char line2[200]; ++ char line2[LINELEN]; + struct cmd *c; + + if (argc < 2 && !another(&argc, &argv, "macro name")) { diff --git a/netkit-ftp-0.17-longint.patch b/netkit-ftp-0.17-longint.patch new file mode 100644 index 0000000..c7b9f91 --- /dev/null +++ b/netkit-ftp-0.17-longint.patch @@ -0,0 +1,135 @@ +--- netkit-ftp-0.17/ftp/ftp.c.rasold 2005-08-22 14:22:50.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-08-22 14:23:02.000000000 +0200 +@@ -139,7 +139,7 @@ + static char *gunique(char *); + static void proxtrans(const char *cmd, char *local, char *remote); + static int initconn(void); +-static void ptransfer(const char *direction, long bytes, ++static void ptransfer(const char *direction, long long bytes, + const struct timeval *t0, + const struct timeval *t1); + static void tvsub(struct timeval *tdiff, +@@ -579,7 +579,7 @@ + int (*volatile closefunc)(FILE *); + void (*volatile oldintr)(int); + void (*volatile oldintp)(int); +- volatile long bytes = 0, hashbytes = HASHBYTES; ++ volatile long long bytes = 0, hashbytes = HASHBYTES; + char buf[BUFSIZ], *bufp; + const char *volatile lmode; + +@@ -713,14 +713,14 @@ + if ((d = write(fileno(dout), bufp, c)) <= 0) + break; + if (hash) { +- while (bytes >= hashbytes) { +- (void) putchar('#'); +- hashbytes += HASHBYTES; +- } +- (void) fflush(stdout); +- } ++ while (bytes >= hashbytes) { /* <-- 'long long' signed overflow is */ ++ (void) putchar('#'); /* possible. In this case, we can */ ++ hashbytes += HASHBYTES; /* 'cycle' there for very long time. */ ++ } /* Search 'hasbytes' in file down, */ ++ (void) fflush(stdout); /* there are similar parts. */ ++ } /* */ + if (tick && (bytes >= hashbytes)) { +- printf("\rBytes transferred: %ld", bytes); ++ printf("\rBytes transferred: %lld", bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) + hashbytes += TICKBYTES; +@@ -733,7 +733,7 @@ + (void) fflush(stdout); + } + if (tick) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (c < 0) +@@ -755,7 +755,7 @@ + hashbytes += HASHBYTES; + } + if (tick && (bytes >= hashbytes)) { +- (void) printf("\rBytes transferred: %ld", ++ (void) printf("\rBytes transferred: %lld", + bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) +@@ -780,7 +780,7 @@ + (void) fflush(stdout); + } + if (tick) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (ferror(fin)) +@@ -853,9 +853,9 @@ + void (*volatile oldintp)(int); + void (*volatile oldintr)(int); + volatile int is_retr, tcrflag, bare_lfs = 0; +- static unsigned bufsize; ++ static unsigned bufsize=0; + static char *buf; +- volatile long bytes = 0, hashbytes = HASHBYTES; ++ volatile long long bytes = 0, hashbytes = HASHBYTES; + register int c, d; + struct timeval start, stop; + struct stat st; +@@ -1031,7 +1031,7 @@ + (void) fflush(stdout); + } + if (tick && (bytes >= hashbytes) && is_retr) { +- (void) printf("\rBytes transferred: %ld", ++ (void) printf("\rBytes transferred: %lld", + bytes); + (void) fflush(stdout); + while (bytes >= hashbytes) +@@ -1045,7 +1045,7 @@ + (void) fflush(stdout); + } + if (tick && is_retr) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (c < 0) { +@@ -1095,7 +1095,7 @@ + hashbytes += HASHBYTES; + } + if (tick && (bytes >= hashbytes) && is_retr) { +- printf("\rBytes transferred: %ld", ++ printf("\rBytes transferred: %lld", + bytes); + fflush(stdout); + while (bytes >= hashbytes) +@@ -1126,7 +1126,7 @@ + (void) fflush(stdout); + } + if (tick && is_retr) { +- (void) printf("\rBytes transferred: %ld\n", bytes); ++ (void) printf("\rBytes transferred: %lld\n", bytes); + (void) fflush(stdout); + } + if (bare_lfs) { +@@ -1540,7 +1540,7 @@ + } + + static void +-ptransfer(const char *direction, long bytes, ++ptransfer(const char *direction, long long bytes, + const struct timeval *t0, + const struct timeval *t1) + { +@@ -1552,7 +1552,7 @@ + s = td.tv_sec + (td.tv_usec / 1000000.); + #define nz(x) ((x) == 0 ? 1 : (x)) + bs = bytes / nz(s); +- printf("%ld bytes %s in %.3g secs (%.2g Kbytes/sec)\n", ++ printf("%lld bytes %s in %.3g secs (%.2g Kbytes/sec)\n", + bytes, direction, s, bs / 1024.0); + } + } diff --git a/netkit-ftp-0.17-runique_mget.patch b/netkit-ftp-0.17-runique_mget.patch new file mode 100644 index 0000000..8ba1152 --- /dev/null +++ b/netkit-ftp-0.17-runique_mget.patch @@ -0,0 +1,13 @@ +--- netkit-ftp-0.17/ftp/ftp.c.runique_mget 2004-12-07 12:05:49.360133092 +0100 ++++ netkit-ftp-0.17/ftp/ftp.c 2004-12-07 12:06:48.480883902 +0100 +@@ -923,7 +923,9 @@ + return; + } + } +- else if (runique && (local = gunique(local)) == NULL) { ++ else if (runique && (strcmp(cmd, "NLST") != 0) && ++ (local = gunique(local)) == NULL) ++ { + (void) signal(SIGINT, oldintr); + code = -1; + return; diff --git a/netkit-ftp-0.17-segv.patch b/netkit-ftp-0.17-segv.patch new file mode 100644 index 0000000..12d5960 --- /dev/null +++ b/netkit-ftp-0.17-segv.patch @@ -0,0 +1,82 @@ +--- netkit-ftp-0.17/ftp/ftp.c.segv 2004-06-14 11:04:38.000000000 -0400 ++++ netkit-ftp-0.17/ftp/ftp.c 2004-06-14 11:06:46.000000000 -0400 +@@ -472,6 +472,8 @@ + return (0); + } + lostpeer(0); ++ fclose(cout); ++ cout = NULL; + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + (void) fflush(stdout); +@@ -529,7 +531,14 @@ + cpend = 0; + (void) signal(SIGINT,oldintr); + if (code == 421 || originalcode == 421) ++ { + lostpeer(0); ++ if(cout) ++ { ++ fclose(cout); ++ cout = NULL; ++ } ++ } + if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + return (n - '0'); +@@ -1790,6 +1799,11 @@ + if (ptabflg) + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + (void) getreply(0); + (void) getreply(0); +@@ -1815,6 +1829,11 @@ + perror("reset"); + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + else if (nfnd) { + (void) getreply(0); +@@ -1897,6 +1916,11 @@ + if (ptabflg) + code = -1; + lostpeer(0); ++ if(cout != NULL) ++ { ++ fclose(cout); ++ cout = NULL; ++ } + } + if (din && FD_ISSET(fileno(din), &mask)) { + while (read(fileno(din), buf, BUFSIZ) > 0) +--- netkit-ftp-0.17/ftp/main.c.segv 2004-06-14 11:03:18.000000000 -0400 ++++ netkit-ftp-0.17/ftp/main.c 2004-06-14 11:03:42.000000000 -0400 +@@ -235,8 +235,6 @@ + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), 1+1); +- fclose(cout); +- cout = NULL; + } + if (data >= 0) { + shutdown(data, 1+1); +@@ -249,8 +247,6 @@ + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), 1+1); +- fclose(cout); +- cout = NULL; + } + connected = 0; + } diff --git a/netkit-ftp-0.17-sigseg.patch b/netkit-ftp-0.17-sigseg.patch new file mode 100644 index 0000000..0972eb1 --- /dev/null +++ b/netkit-ftp-0.17-sigseg.patch @@ -0,0 +1,16 @@ +--- netkit-ftp-0.17-orig/ftp/ftp.c 2007-08-06 23:32:49.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2007-08-06 23:31:06.000000000 +0200 +@@ -483,8 +483,10 @@ getreply(int expecteof) + return (0); + } + lostpeer(0); +- fclose(cout); +- cout = NULL; ++ if (cout) { ++ fclose(cout); ++ cout = NULL; ++ } + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + (void) fflush(stdout); + diff --git a/netkit-ftp-0.17-token.patch b/netkit-ftp-0.17-token.patch new file mode 100644 index 0000000..d888300 --- /dev/null +++ b/netkit-ftp-0.17-token.patch @@ -0,0 +1,75 @@ +diff -rup netkit-ftp-0.17/ftp/ruserpass.c netkit-ftp-0.17-new/ftp/ruserpass.c +--- netkit-ftp-0.17/ftp/ruserpass.c 2012-10-29 15:11:10.593841089 +0100 ++++ netkit-ftp-0.17-new/ftp/ruserpass.c 2012-10-29 15:13:14.379822697 +0100 +@@ -58,7 +58,8 @@ static int token(void); + #define ID 10 + #define MACH 11 + +-static char tokval[100]; ++#define MAXTOKENLEN 4096 ++static char tokval[MAXTOKENLEN]; + + static struct toktab { + const char *tokstr; +@@ -249,13 +250,16 @@ bad: + return(-1); + } + +-static ++static + int + token(void) + { + char *cp; + int c; + struct toktab *t; ++ size_t toklen = 0; ++ int showwarn = 1; ++ int quote = 0; + + if (feof(cfile)) + return (0); +@@ -266,20 +270,32 @@ token(void) + return (0); + cp = tokval; + if (c == '"') { +- while ((c = getc(cfile)) != EOF && c != '"') { +- if (c == '\\') +- c = getc(cfile); +- *cp++ = c; +- } +- } else { ++ quote = 1; ++ } ++ else { + *cp++ = c; +- while ((c = getc(cfile)) != EOF +- && c != '\n' && c != '\t' && c != ' ' && c != ',') { +- if (c == '\\') +- c = getc(cfile); +- *cp++ = c; ++ toklen++; ++ } ++ while ((c = getc(cfile)) != EOF) { ++ if (c == '"') ++ break; ++ if (c == '\\') ++ c = getc(cfile); ++ if (!quote && (c == '\n' || c == '\t' || c == ' ' || c == ',')) ++ break; ++ if (toklen >= MAXTOKENLEN) { ++ if (showwarn) { ++ fprintf(stderr, ++ "Warning: .netrc token too long, will be trunctated to %zd characters\n", ++ toklen); ++ showwarn = 0; ++ } ++ continue; + } ++ *cp++ = c; ++ toklen++; + } ++ + *cp = 0; + if (tokval[0] == 0) + return (0); diff --git a/netkit-ftp-0.17-vsftp165083.patch b/netkit-ftp-0.17-vsftp165083.patch new file mode 100644 index 0000000..8dcd905 --- /dev/null +++ b/netkit-ftp-0.17-vsftp165083.patch @@ -0,0 +1,47 @@ +--- netkit-ftp-0.17/ftp/ftp.c.vsftp 2005-08-29 16:07:35.000000000 +0200 ++++ netkit-ftp-0.17/ftp/ftp.c 2005-08-30 10:58:10.000000000 +0200 +@@ -582,6 +582,7 @@ + volatile long long bytes = 0, hashbytes = HASHBYTES; + char buf[BUFSIZ], *bufp; + const char *volatile lmode; ++ int old_code_l; + + if (verbose && printnames) { + if (local && *local != '-') +@@ -799,7 +800,35 @@ + (void) fclose(dout); + /* closes data as well, so discard it */ + data = -1; +- (void) getreply(0); ++ old_code_l = code; ++ (void) getreply(0); ++ ++ /* Following "if" will avoid a bug #165083 in ftp-server */ ++ /* It can be later removed. */ ++ if (old_code_l == 150 && code == 150 && cpend == 1 ++ && sunique == 1 && cin != NULL && fileno (cin) >= 0 ) { ++ #include ++ struct pollfd fds_events_l [2] ; ++ int rc; ++ ++ fds_events_l [0] .fd = fileno (cin); ++ fds_events_l [0] .events = POLLIN | POLLERR | POLLHUP; ++ ++ rc = poll (fds_events_l, 1, 5000); ++ switch (rc) { ++ case 1: ++ (void) getreply (0); ++ break; ++ case 0: ++ fprintf (stderr, "ftp: no answer from ftp-server " ++ "(more than 5 sec).\n"); ++ break; ++ case -1: ++ perror("ftp: poll"); ++ break; ++ } ++ } ++ + (void) signal(SIGINT, oldintr); + if (oldintp) + (void) signal(SIGPIPE, oldintp); -- Gitee