Created attachment 635390
.netrc to reproduce

Description of problem:
When processing tokens in .netrc, ftp internally uses a buffer to temporarily hold a single token that is 100 bytes long. If a longer token is encountered, a buffer overflow occurs.

Version-Release number of selected component (if applicable):
ftp-0.17-62

How reproducible:
Always.

Steps to Reproduce:
1. Copy .netrc from attachment to $HOME
2. ftp to a machine (OTHER than the one specified in .netrc)
3. Specify user (this step may not be needed)
4. Observe segmentation fault

Actual results:
Ftp crashes.

Expected results:
Ftp behaves as expected.

Additional info:

Created attachment 635391
[Patch] sanitize token()

This patch simplifies the token() function. Further, the buffer to temporarily hold a token when parsing has been expanded to 4096 bytes. If, for whatever reason, the token was longer than 4096 bytes, it would be truncated, the rest of it would be skipped and a warning message would be printed to stderr.
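
The behaviour described in the comment above (fixed 4096-byte buffer, truncate, skip the remainder, warn on stderr), as an added example that is not the attached patch or ftp's own code. The names `read_token` and `demo_long_token` are hypothetical, the input is constructed, and only whitespace-delimited tokens are handled (no quoting or escapes).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 4096  /* buffer size named in the patch description */
/* Read one whitespace-delimited token into buf (size >= 1, NUL included).
 * Returns the stored length or -1 at end of input; excess bytes are dropped. */
static int read_token(FILE *fp, char *buf, size_t size)
{
    size_t n = 0;
    int c, truncated = 0;
    while ((c = getc(fp)) != EOF && isspace(c))
        ;                           /* skip leading whitespace */
    if (c == EOF)
        return -1;
    do {
        if (n + 1 < size)
            buf[n++] = (char)c;     /* room left: store the byte */
        else
            truncated = 1;          /* full: drop the byte, keep reading */
    } while ((c = getc(fp)) != EOF && !isspace(c));
    buf[n] = '\0';
    if (truncated)
        fprintf(stderr, "warning: token truncated to %zu bytes\n", n);
    return (int)n;
}

/* Constructed input "password <len x 'A'> machine". Returns the stored length
 * of the long token, -1 if the next token was damaged, -2 if tmpfile() failed. */
static int demo_long_token(size_t len)
{
    char buf[TOKEN_MAX];
    int n;
    FILE *fp = tmpfile();
    if (fp == NULL) return -2;
    fputs("password ", fp);
    for (size_t i = 0; i < len; i++)
        putc('A', fp);
    fputs(" machine\n", fp);
    rewind(fp);
    read_token(fp, buf, sizeof buf);            /* keyword "password" */
    n = read_token(fp, buf, sizeof buf);        /* the long value */
    if (read_token(fp, buf, sizeof buf) != 7 || strcmp(buf, "machine") != 0)
        n = -1;                                 /* parser lost its position */
    fclose(fp);
    return n;
}

int main(void) { return demo_long_token(5000) == TOKEN_MAX - 1 ? 0 : 1; }
```

The bound is checked before every store, so the write index never passes `size - 1`, and consuming the rest of an over-long token keeps the parser aligned on the next keyword.
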
Pushed: http://lists.fedoraproject.org/pipermail/scm-commits/2012-October/892160.html
ftp-0.17-63.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/ftp-0.17-63.fc18
ftp-0.17-63.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.