Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: ncftp 2.4.3 bug
From: daia () stoilow imar ro (Liviu Daia)
Date: Tue, 23 Jun 1998 19:35:01 +0300


On 22 June 1998, Mike Gleason <mgleason () NCFTP COM> wrote:
[...]
As for this particular bug, it crashes because ncftp 2.x was trying to
copy from a NULL pointer.  So, no buffer exploit.  Version 3 (still
beta) handles it just fine.  The official gospel is to upgrade to
version 3, since the bug doesn't occur naturally in the wild.
[...]

    However, some people might still want to stick with version 2.4.3,
since a few useful (IMHO) features have been removed along the way to
version 3. :-) So here's a simple fix, for the sake of the old days:


--- Cmds.c.old  Fri Mar 20 04:02:07 1998
+++ Cmds.c      Tue Jun 23 19:15:53 1998
@@ -241,7 +241,7 @@
         * if we can parse out the new directory without
         * doing a PWD command.
         */
-       if (cwdrp != NULL) {
+       if (cwdrp != NULL && cwdrp->msg.first != NULL) {
                /* "xxxx" is new cwd.
                 * Strip out just the xxxx to copy into the remote cwd.
                 */


    Regards,

    Liviu

--
Dr. Liviu Daia                   e-mail:   daia () stoilow imar ro
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daia () stoilow imar ro



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault