1536f80f4d
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is
called, they fail to correctly detect the end of the linked list and try
to access a non-existent list member. This is related to init_aliases in
diraliases.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-listdir-reuse-a-single-buffer-to-store-every-file-name-to-display.patch | ||
| 0002-pure_strcmp-len-s2-can-be-len-s1.patch | ||
| 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch | ||
| Config.in | ||
| pure-ftpd.hash | ||
| pure-ftpd.mk | ||