In addition to previously documented flaws, it appears that ftp_passv() might overflow addr with a malicious numerical response of more than 3 digits.
Further auditing should look closely at locking with mutexes: is this even a theoretical problem, for a remote attacker? popcon indicates that this is not an unpopular package, though there are alternatives. The code, overall, isn't bad. Upstream seems to be unresponsive, however (or in denial).

I also note that sometimes 1 too many bytes are allocated with alloca() (see http.c:589, http-retr.c:185,347).

I'm looking at patching the http-redirect exploitable problem now.

Justin
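
The ftp_passv() concern above is about numeric fields in a server reply being copied into a fixed-size addr buffer. The following is an added example, not code from the package or from this message: a bounded parser, assuming the reply has the standard RFC 959 form "227 ... (h1,h2,h3,h4,p1,p2)". The function name parse_pasv_reply and its signature are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the audited package): parse an RFC 959
 * "227 ... (h1,h2,h3,h4,p1,p2)" reply into a dotted-quad string and port.
 * Returns 0 on success, -1 on any malformed or out-of-range field. */
int parse_pasv_reply(const char *reply, char *addr, size_t addrlen,
                     unsigned *port)
{
    unsigned v[6];
    const char *p;
    int i, n;

    if (strncmp(reply, "227", 3) != 0)
        return -1;
    p = strchr(reply, '(');
    if (p == NULL)
        return -1;
    p++;

    for (i = 0; i < 6; i++) {
        unsigned val = 0;
        int digits = 0;
        while (isdigit((unsigned char)*p)) {
            if (++digits > 3)           /* field longer than 3 digits: reject */
                return -1;
            val = val * 10 + (unsigned)(*p++ - '0');
        }
        if (digits == 0 || val > 255)   /* empty field or not a valid octet */
            return -1;
        if (*p++ != (i < 5 ? ',' : ')'))
            return -1;
        v[i] = val;
    }

    /* snprintf bounds the write; a truncated result is treated as failure. */
    n = snprintf(addr, addrlen, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    if (n < 0 || (size_t)n >= addrlen)
        return -1;
    *port = v[4] * 256 + v[5];
    return 0;
}
```

With every field capped at three digits and 255, the formatted address can never exceed 15 characters plus the terminator, so a 16-byte addr is sufficient and any smaller buffer fails cleanly instead of being overrun.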