projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 40bc86a) | patch
package/pure-ftpd: fix CVE-2020-9274
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 28 Mar 2020 09:00:42 +0000 (10:00 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 28 Mar 2020 13:40:47 +0000 (14:40 +0100)
commit1d8426b32cb030888cbd3d8abdc2b4dc70e987c8
tree6175cad3dd91a53573e967f9a12aad2904fb1578tree
parent40bc86afe9bf2bf2d443fcfc10d8ddb371598098commit | diff
package/pure-ftpd: fix CVE-2020-9274

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/pure-ftpd/0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch [new file with mode: 0644] blob
package/pure-ftpd/pure-ftpd.mk diff | blob | history