Bug 871296
| Summary: | netkit ftp client buffer overflow when processing tokens in .netrc | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Synacek <jsynacek> | ||||||
| Component: | ftp | Assignee: | Jan Synacek <jsynacek> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | rawhide | CC: | jsynacek | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | ftp-0.17-63.fc19 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-10-30 07:41:39 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 635391 [details]
[Patch] sanitize token()
This patch simplifies the token() function.
Further, the buffer to temporarily hold a token when parsing has been expanded to 4096 bytes. If, for whatever reason, the token was longer than 4096 bytes, it would be trunctated, the rest of it would be skipped and a warning message would be printed to stderr.
ftp-0.17-63.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/ftp-0.17-63.fc18 ftp-0.17-63.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 635390 [details] .netrc to reproduce Description of problem: When processing tokens in .netrc, ftp internally uses a buffer to temporarily hold a single token that is 100 bytes long. If a longer token is encountered, a buffer overflow occurs. Version-Release number of selected component (if applicable): ftp-0.17-62 How reproducible: Always. Steps to Reproduce: 1. Copy .netrc from attachment to $HOME 2. ftp to a machine (OTHER than the one specified in .netrc) 3. Specify user (this step may not be needed) 4. Observe segmentaion fault Actual results: Ftp crashes. Expected results: Ftp behaves as expected. Additional info: