Date: Tue, 15 Sep 1998 16:49:49 -0400 (EDT)
From: Gregory A Lundberg <[email protected]>
To: WU-FTPD Discussion List <[email protected]>
Subject: [VR7] More current fixes and extensions for BETA-18

These are available as both patches and pre-patched tarballs at my ftp
site:

ftp://ftp.vr.net/pub/wu-ftpd/

If you take just the patch files, please remember: they are cumulative.
You cannot apply fixes from one set without earlier sets already having
been applied. The first set for BETA-18 is VR3; VR1 and two were for
BETA-17 only.

This is a list of fixes to BETA 18 with VR6 applied from [email protected]
---------------------------------------------------------------------------

defumask caused a data alignment problem on HP-UX 10.

routevector.c uses ulong instead of u_long. ulong doesn't exist on many
systems.

The above problems were reported by [email protected]; I've not
heard if the fix for defumask worked so I'm assuming it did.

main() is declared void; that's not ANSI, it's just stupid. Reported by
[email protected] when building for Solaris/Sparc.

DAEMON always includes <sys/termio.h>, it was needed until VR6 removed the
attempt to detach from the controlling terminal.

Missing <grp.h>. Gotta love Linux's grab-one-get-it-all method for
defining system headers, don't ya? Grrr.

The 'daemon' variable conflicts with a 'daemon()' function in some
runtimes.

Traffic counters weren't protected by TRANSFER_COUNT in some cases.

Typo in the manpage (what, just one? Come on!)

The above problems were reported by [email protected], my thanks
both for reporting them and for merging my work to-date into BeroFTPD.

There's a bug in popen which can cause segmentation faults. It's unknown
if this is exploitable (it doesn't look like it is to me). Reported to the
mailing list by [email protected] on May 27, 1997. I
believe he reported this quite a bit earlier as well so it's been a
problem for a long time.

Extended logging for rejected and failed login attempts. From a request
to the mailing list from [email protected] on Jun 18, 1997.

Added PARANOID check to deny login if a real user's home directory is bad.
Something's bunged up in /etc/passwd, why trust it? Noticed while
code-reading for the next patch.

Don't respond to *ANY* commands except USER, PASS and QUIT until the
remote user logs in successfully. Noticed while testing.

Extended upload and noretrieve to have an optional parameter which
specifies whether the named file/directory is interpreted as an absolute
name or relative to the current chroot'd environment. From a suggestion
by [email protected] on September 2, 1998.

The HELP_CRACKERS patch was too aggressive and, if message files were
defined for 'deny' and 'limit' could tickle bugs in ftp clients. The
patch is backed off to drop the connection immediately if it violates
'deny' or 'limit'. Reported by [email protected] on September 3, 1998.

The include for 'mntent.h' isn't needed unless QUOTE_DEVICE is defined.
This caused problems on BSDI. Moving the include to only appear for
systems which use QUOTE_DEVICE. Reported by [email protected] on
September 3, 1998.

My label 'slimy_hack:' appearing just before a '}' causes some compilers
to belch. I guess some are more ANSI/ISO than others. Here's a quick fix
which ought to make them shut up until I can rewrite pass() to make the
label go away. Reported by [email protected] on September 3, 1998.

The QUOTA logic for BSDI doesn't match what's provided by the system.
Fixed. Reported by [email protected] on September 3, 1998.

Extended logging for rejected or denied functions such as delete, rename.
From a request submitted to the mailing list by [email protected] on
February 6, 1996. Patch taken from BeroFTPD-1.0.12 with permission. Added
several new log messages missed in BeroFTPD for this feature.

Transfer limits tested the wrong values for files uploaded to the server.
Noticed while proof-reading the previous patch.

--
Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive
[email protected]
Kettering, OH 45409-1615 USA 1-800-809-2195
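
The changelog entry above about answering only USER, PASS and QUIT before login can be pictured as a small gate in front of the command dispatcher. The sketch below is an added example, not code from wu-ftpd or from the patch set; the names gate_reply, ftp_verb and PRELOGIN_OK are hypothetical, and the 500/530 reply codes are the standard RFC 959 ones, assumed here rather than taken from the patch.

```c
/* Added example, not wu-ftpd source: gate commands before login. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The only verbs the changelog entry allows before a successful login. */
static const char *const PRELOGIN_OK[] = { "USER", "PASS", "QUIT" };

/* Upper-case the first token of line into verb; 0 if empty or too long. */
static size_t ftp_verb(const char *line, char *verb, size_t cap)
{
    size_t n = 0;
    while (line[n] != '\0' && !isspace((unsigned char)line[n])) {
        if (n + 1 >= cap)
            return 0;               /* over-long verb: reject, never truncate */
        verb[n] = (char)toupper((unsigned char)line[n]);
        n++;
    }
    verb[n] = '\0';
    return n;
}

/* Returns 0 to dispatch the command, else the FTP reply code to send. */
int gate_reply(const char *line, int logged_in)
{
    char verb[8];
    size_t i;

    if (ftp_verb(line, verb, sizeof verb) == 0)
        return 500;                 /* syntax error, command unrecognized */
    if (logged_in)
        return 0;
    for (i = 0; i < sizeof PRELOGIN_OK / sizeof PRELOGIN_OK[0]; i++)
        if (strcmp(verb, PRELOGIN_OK[i]) == 0)
            return 0;               /* exact match only: "USERX" is refused */
    return 530;                     /* not logged in */
}

int main(void)
{
    /* Constructed control-channel lines, as a client might send them. */
    const char *lines[] = { "user anonymous\r\n", "HELP\r\n",
                            "SITE EXEC x\r\n", "QUIT\r\n" };
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%d <- %s", gate_reply(lines[i], 0), lines[i]);
    return 0;
}
```

Matching the whole verb against an allow-list, rather than listing commands to refuse, means any command added to the server later is refused before login by default.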