Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-20176: listdir(): reuse a single buffer to store every file name to display · jedisct1/pure-ftpd@aea56f4

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.

CVE
#ssl

@@ -661,6 +661,8 @@ static void listdir(unsigned int depth, int f, void * const tls_fd,

char *names;

PureFileInfo *s;

PureFileInfo *r;

char *alloca_subdir;

size_t sizeof_subdir;

This comment has been minimized.

Sign in to view

Copy link

****maged9977** Jan 12, 2021**

j

int d;

if (depth >= max_ls_depth || matches >= max_ls_files) {

@@ -690,14 +692,12 @@ static void listdir(unsigned int depth, int f, void * const tls_fd,

}

outputfiles(f, tls_fd);

r = dir;

sizeof_subdir = PATH_MAX + 1U;

if ((alloca_subdir = ALLOCA(sizeof_subdir)) == NULL) {

goto toomany;

}

while (opt_R && r != s) {

if (r->name_offset != (size_t) -1 && !chdir(FI_NAME®)) {

char *alloca_subdir;

const size_t sizeof_subdir = PATH_MAX + 1U;

if ((alloca_subdir = ALLOCA(sizeof_subdir)) == NULL) {

goto toomany;

}

if (SNCHECK(snprintf(alloca_subdir, sizeof_subdir, "%s/%s",

name, FI_NAME®), sizeof_subdir)) {

goto nolist;

@@ -706,8 +706,8 @@ static void listdir(unsigned int depth, int f, void * const tls_fd,

wrstr(f, tls_fd, alloca_subdir);

wrstr(f, tls_fd, “:\r\n\r\n”);

listdir(depth + 1U, f, tls_fd, alloca_subdir);

nolist:

ALLOCA_FREE(alloca_subdir);

if (matches >= max_ls_files) {

goto toomany;

}

@@ -720,6 +720,7 @@ static void listdir(unsigned int depth, int f, void * const tls_fd,

r++;

}

toomany:

ALLOCA_FREE(alloca_subdir);

free(names);

free(dir);

names = NULL;

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907