Hello there,

fairly recently it was observed in #788331 that the
SSL-enhanced FTP server, as built from linux-ftpd-ssl,
will suffer a segmentation fault, should the client
ask for an NLST listing of an empty directory, thus
causing a denial of service but no further side effects.

Updates identical to the following have been applied
to testing, are accepted and queued for stable, and
are proposed for oldstable. The patch is a simple
update of 'debian/patches/500-ssl.diff', which in
itself was left untouched ever since June, 2010!

The corresponding debdiff is attached. Please inform
me how to approach this matter.

Best regards,
  Mats Erik Andersson, present maintainer of linux-ftpd-ssl.
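
To make the failure mode concrete, the following is an added C example, not
code from linux-ftpd-ssl or from the debdiff below. It models the cleanup at
the end of the directory-listing routine in both shapes: as the 2010 version
of 500-ssl.diff left it (no braces, so the inserted #ifdef block became the
whole body of the if) and as the update reshapes it. It assumes, as in
BSD-derived ftpd, that the data stream is opened lazily when the first entry
is written, so an NLST of an empty directory never opens one; fclose() goes
through a counting wrapper so the NULL close is observed rather than
crashing. The directory contents, the ssl_state struct and all helper names
are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Added example, not linux-ftpd-ssl code. Models the send_file_list() cleanup
 * that 500-ssl.diff patches. dout is opened lazily on the first entry (assumed,
 * as in BSD-derived ftpd), so an NLST of an empty directory leaves dout == NULL.
 * fclose() is routed through a recording wrapper so that the fclose(NULL) which
 * segfaults in the real daemon is counted here instead of crashing. */

#define USE_SSL 1   /* the affected build is the SSL one; assumed for the demo */

static int null_fclose_attempts;   /* times fclose(NULL) would have run */
static int ssl_frees;              /* times SSL_free() would have run */

/* Stand-in for ssl_data_active_flag / ssl_data_con. */
typedef struct { int active; int con_present; } ssl_state;

static void counted_fclose(FILE *f)
{
    if (f == NULL) { null_fclose_attempts++; return; }  /* real fclose(NULL) faults */
    fclose(f);
}

static void counted_ssl_free(ssl_state *s) { ssl_frees++; s->con_present = 0; }

/* Control flow of the 2010 patch: no braces, so the #ifdef block is the entire
 * body of the if, and the fclose that used to be the body runs unconditionally.
 * The indentation is the deception; silence GCC's warning so it still builds
 * cleanly with -Werror. */
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
static void finish_buggy(FILE *dout, ssl_state *s)
{
    if (dout != NULL)
#ifdef USE_SSL
        if (s->active && s->con_present) {
            counted_ssl_free(s);
        }
#endif /* USE_SSL */
        counted_fclose(dout);   /* reached even when dout == NULL */
}

/* Control flow after the debdiff: braces keep both teardown steps under the if. */
static void finish_fixed(FILE *dout, ssl_state *s)
{
    if (dout != NULL) {
#ifdef USE_SSL
        if (s->active && s->con_present) {
            counted_ssl_free(s);
        }
#endif /* USE_SSL */
        counted_fclose(dout);
    }
}

/* NLST model. Writes one name per line into out through a memory stream that
 * plays the data connection. Returns how many fclose(NULL) calls the chosen
 * cleanup made (0 means the daemon survives), or -1 if the stream failed. */
int nlst(const char **names, size_t n, int ssl_on, int fixed, char *out, size_t outlen)
{
    FILE *dout = NULL;
    ssl_state s = { ssl_on, ssl_on };
    size_t i;

    null_fclose_attempts = 0;
    ssl_frees = 0;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        if (dout == NULL) {                     /* lazy dataconn() */
            dout = fmemopen(out, outlen, "w");
            if (dout == NULL)
                return -1;
        }
        fprintf(dout, "%s\r\n", names[i]);
    }
    if (fixed)
        finish_fixed(dout, &s);
    else
        finish_buggy(dout, &s);
    return null_fclose_attempts;
}

int ssl_free_count(void) { return ssl_frees; }

/* Constructed sample directory and a driver for the cases of interest. */
static const char *sample_dir[] = { "README", "notes.txt" };
static char listing[128];

int run_case(size_t entries, int fixed)
{
    return nlst(sample_dir, entries, 1, fixed, listing, sizeof listing);
}

const char *last_listing(void) { return listing; }

int main(void)
{
    printf("empty dir, 2010 patch : %d fclose(NULL)\n", run_case(0, 0));
    printf("empty dir, fixed      : %d fclose(NULL)\n", run_case(0, 1));
    printf("two entries, fixed    : %d fclose(NULL), listing:\n%s",
           run_case(2, 1), last_listing());
    return 0;
}
```

Build with cc -Wall and run: the 2010 shape reports one fclose(NULL) for the
empty listing while the fixed shape reports none, and both shapes behave the
same once at least one entry has opened the data stream, which is exactly the
difference the added braces make.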
diff -Nru linux-ftpd-ssl-0.17.32+0.3/debian/changelog linux-ftpd-ssl-0.17.32+0.3/debian/changelog
--- linux-ftpd-ssl-0.17.32+0.3/debian/changelog 2010-07-25 02:37:26.000000000 +0200
+++ linux-ftpd-ssl-0.17.32+0.3/debian/changelog 2015-06-30 22:38:29.000000000 +0200
@@ -1,3 +1,11 @@
+linux-ftpd-ssl (0.17.32+0.3-1+deb6u1) squeeze; urgency=medium
+
+  * QA Upload
+  * NLST of empty directory results in segfault. (Closes: #788331)
+    + debian/patches/500-ssl.diff: Updated.
+
+ -- Mats Erik Andersson <mats.anders...@gisladisker.se>  Tue, 30 Jun 2015 
22:35:55 +0200
+
 linux-ftpd-ssl (0.17.32+0.3-1) unstable; urgency=low
 
   * Update to linux-ftpd 0.17-32.
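Review bot: the entry `+  * NLST of empty directory results in segfault. (Closes: #788331)` names the symptom but not the exposure, which is what a stable-suite update and the security tracker need; since the cover mail states that a client asking for the listing causes a denial of service, say so in the entry, e.g. `* Fix segfault on NLST of an empty directory, a remotely triggerable denial of service. (Closes: #788331)`.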
diff -Nru linux-ftpd-ssl-0.17.32+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.32+0.3/debian/patches/500-ssl.diff
--- linux-ftpd-ssl-0.17.32+0.3/debian/patches/500-ssl.diff      2010-07-25 02:37:26.000000000 +0200
+++ linux-ftpd-ssl-0.17.32+0.3/debian/patches/500-ssl.diff      2015-06-16 13:46:42.000000000 +0200
@@ -3,7 +3,7 @@
 Origin: 
ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz
 Forwarded: not-needed
 Author: Tim Hudson <t...@cryptsoft.com>
-Last-Update: 2010-06-21
+Last-Update: 2015-06-11
 
 Index: linux-ftpd-ssl/ftpd/Makefile
 ===================================================================
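Review bot: only `Last-Update` moves here, while `Author: Tim Hudson` and `Forwarded: not-needed` now describe a patch that also carries a Debian-local bug fix; add a `Bug-Debian: https://bugs.debian.org/788331` header and one sentence in the patch description recording that the braces around the USE_SSL teardown were added in 2015, so that a future rebase against the file named in `Origin:` does not drop the fix unnoticed.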
@@ -917,10 +917,12 @@
                                byte_count += strlen(nbuf) + 1;
                        }
                }
-@@ -2705,6 +3193,13 @@
+@@ -2704,8 +3193,16 @@
+               reply(226, "Transfer complete.");
  
        transflag = 0;
-       if (dout != NULL)
+-      if (dout != NULL)
++      if (dout != NULL) {
 +#ifdef USE_SSL
 +                if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
 +                  SSL_free(ssl_data_con);
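Review bot: the whole fix is the brace in `++      if (dout != NULL) {` replacing `+-      if (dout != NULL)`: without it the `#ifdef USE_SSL` block is the entire body of the if, and the statement that used to be the body, `(void) fclose(dout)`, runs unconditionally, so an NLST of an empty directory, which never opened a data connection, reaches fclose(NULL). The new context line `reply(226, "Transfer complete.");` shows this cleanup sits on the success path, so the fault needs no error condition at all. Worth grepping the rest of 500-ssl.diff for other one-statement `if (... != NULL)` bodies that had an `#ifdef USE_SSL` block inserted in front of them, since the same edit pattern fails the same way.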
@@ -929,8 +931,10 @@
 +              }
 +#endif /* USE_SSL */
                (void) fclose(dout);
++      }
        data = -1;
        pdata = -1;
+ out:
 @@ -2792,3 +3287,223 @@
  }
  #endif        /* TCPWRAPPERS */
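Review bot: the hunk headers inside 500-ssl.diff were edited by hand and no longer add up: the widened hunk starts one line earlier on the old side (`-2705,6` to `-2704,8`) but keeps `+3193` on the new side, where `+3192,16` would match, and the trailing ` @@ -2792,3 +3287,223 @@` is left as unchanged context although the preceding hunk now contributes one more net line (8 instead of 7), so its new-side start should move to 3288. patch(1) applies such headers with an "offset" message and dpkg-source tolerates that, but a `quilt refresh` would regenerate exact numbers and spare the next reviewer the arithmetic. The closing `++      }` correctly lands before `data = -1;`, so the brace pairing itself is right.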
