4fd5d8df2a
In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-listdir-reuse-a-single-buffer-to-store-every-file-name-to-display.patch | ||
| 0002-pure_strcmp-len-s2-can-be-len-s1.patch | ||
| 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch | ||
| 0004-Initialize-the-max-upload-file-size-when-quotas-are-enabled.patch | ||
| Config.in | ||
| pure-ftpd.hash | ||
| pure-ftpd.mk | ||