CVS commit: [netbsd-4] src/libexec/ftpd

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-4] src/libexec/ftpd
From: Manuel Bouyer <bouyer%netbsd.org@localhost>
Date: Thu, 18 Sep 2008 18:24:59 +0000 (UTC)

Module Name:    src
Committed By:   bouyer
Date:           Thu Sep 18 18:24:59 UTC 2008

Modified Files:
        src/libexec/ftpd [netbsd-4]: extern.h ftpcmd.y ftpd.c version.h

Log Message:
Pull up following revision(s) (requested by lukem in ticket #1202):
        libexec/ftpd/ftpd.c: revision 1.187
        libexec/ftpd/extern.h: revision 1.58
        libexec/ftpd/version.h: patch
        libexec/ftpd/ftpcmd.y: revision 1.88
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib%securityreason.com@localhost>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit 
<moritz%OpenBSD.o@localhost=
rg>


To generate a diff of this commit:
cvs rdiff -r1.55 -r1.55.4.1 src/libexec/ftpd/extern.h
cvs rdiff -r1.84 -r1.84.4.1 src/libexec/ftpd/ftpcmd.y
cvs rdiff -r1.177.2.3 -r1.177.2.4 src/libexec/ftpd/ftpd.c
cvs rdiff -r1.65.2.1 -r1.65.2.2 src/libexec/ftpd/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-4-0] src/libexec/ftpd
Next by Date: CVS commit: [netbsd-4] src/doc
Previous by Thread: CVS commit: [netbsd-4-0] src/libexec/ftpd
Next by Thread: CVS commit: [netbsd-4] src/doc
Indexes:

Home | Main Index | Thread Index | Old Index