author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-16 13:48:44 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-16 14:14:06 +0800 |
commit | dbe7a1085f23c0737bc7d690e929e9ed63d3a4fa (patch) | |
tree | 39107f44af8bdbead074700fd2b928053553fc0e | |
parent | 1eb9bb6dc735dc71d8dee16868ee7f9f121db525 (diff) |
gftp: Address multiple flaws by taking the gentoo patch
Addresses CVE-2007-3961, CVE-2007-3962
-rw-r--r-- | recipes/gftp/gftp/gftp-2.0.18-188252.patch | 77 | ||||
-rw-r--r-- | recipes/gftp/gftp_2.0.18.bb | 5 |
2 files changed, 80 insertions, 2 deletions
diff --git a/recipes/gftp/gftp/gftp-2.0.18-188252.patch b/recipes/gftp/gftp/gftp-2.0.18-188252.patch
new file mode 100644
index 0000000000..27b3d48ac8
--- /dev/null
+++ b/recipes/gftp/gftp/gftp-2.0.18-188252.patch
@@ -0,0 +1,77 @@
+Gentoo patch from http://sources.gentoo.org/viewcvs.py/*checkout*/gentoo-x86/net-ftp/gftp/files/gftp-2.0.18-188252.patch?rev=1.1
+
+addresses: CVE-2007-3961, CVE-2007-3962
+
+diff --exclude-from=/home/dang/.scripts/diffrc -up -bruN gftp-2.0.18.orig/lib/fsplib/fsplib.c gftp-2.0.18/lib/fsplib/fsplib.c
+--- gftp-2.0.18.orig/lib/fsplib/fsplib.c 2005-01-18 21:03:45.000000000 -0500
++++ gftp-2.0.18/lib/fsplib/fsplib.c 2007-09-21 16:03:01.000000000 -0400
+@@ -612,7 +612,7 @@ int fsp_readdir_r(FSP_DIR *dir,struct di
+ entry->d_reclen = fentry.reclen;
+ strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+
+- if (fentry.namlen > MAXNAMLEN)
++ if (fentry.namlen >= MAXNAMLEN)
+ {
+ entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -680,9 +680,19 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_
+ /* skip file date and file size */
+ dir->dirpos += 9;
+ /* read file name */
+- entry->name[255 + 1] = '\0';
++ entry->name[255] = '\0';
+ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++ /* check for ASCIIZ encoded filename */
++ if (memchr(dir->data + dir->dirpos,0,dir->datasize - dir->dirpos) != NULL)
++ {
+ namelen = strlen( (char *) dir->data+dir->dirpos);
++ }
++ else
++ {
++ /* \0 terminator not found at end of filename */
++ *result = NULL;
++ return 0;
++ }
+ /* skip over file name */
+ dir->dirpos += namelen +1;
+
+@@ -709,12 +719,12 @@ int fsp_readdir_native(FSP_DIR *dir,FSP_
+
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+- static struct dirent entry;
++ static dirent_workaround entry;
+ struct dirent *result;
+
+
+ if (dirp == NULL) return NULL;
+- if ( fsp_readdir_r(dirp,&entry,&result) )
++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+ return NULL;
+ else
+ return result;
+diff --exclude-from=/home/dang/.scripts/diffrc -up -bruN gftp-2.0.18.orig/lib/fsplib/fsplib.h gftp-2.0.18/lib/fsplib/fsplib.h
+--- gftp-2.0.18.orig/lib/fsplib/fsplib.h 2005-01-18 21:04:02.000000000 -0500
++++ gftp-2.0.18/lib/fsplib/fsplib.h 2007-09-21 15:56:37.000000000 -0400
+@@ -1,6 +1,8 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
++
+ /* The FSP v2 protocol support library - public interface */
+
+ /*
+@@ -138,6 +140,12 @@ typedef struct FSP_FILE {
+ unsigned int pos; /* position of next packet */
+ } FSP_FILE;
+
++
++typedef union dirent_workaround {
++ struct dirent dirent;
++ char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++
+ /* function prototypes */
+
+ /* session management */
diff --git a/recipes/gftp/gftp_2.0.18.bb b/recipes/gftp/gftp_2.0.18.bb
index f5705b1357..f5a5047e77 100644
--- a/recipes/gftp/gftp_2.0.18.bb
+++ b/recipes/gftp/gftp_2.0.18.bb
@@ -6,10 +6,11 @@ DESCRIPTION = "Free multithreaded file transfer client (FTP/HTTP/SSH)."
 HOMEPAGE="http://www.gftp.org/"
 SECTION = "x11/network"
 LICENSE="GPL"
-PR = "r1"
+PR = "r2"
 SRC_URI="http://www.gftp.org/gftp-${PV}.tar.bz2 \
- file://configure.patch;patch=1"
+ file://configure.patch;patch=1 \
+ file://gftp-2.0.18-188252.patch;patch=1 "
 DEPENDS="gtk+ openssl" |
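Review bot: In the fsp_readdir_r part of the added patch, the context line `entry->d_name[MAXNAMLEN + 1 ] = '\0';` is left unchanged while the guard above it is widened to `>=`, so the terminator still lands one byte past the `MAXNAMLEN + 1` name bytes that the new `dirent_workaround.fill` reserves, and `d_name[MAXNAMLEN]` is never set after the `strncpy`. The union pads only the static buffer in fsp_readdir; a caller that passes fsp_readdir_r its own `struct dirent` gets no padding, so whether that write stays in bounds depends on the platform's `d_name` size, which is not visible here. Terminating inside the field, e.g. `entry->d_name[MAXNAMLEN] = '\0';` where `d_name` is known to hold `MAXNAMLEN + 1` bytes, would remove the dependency on padding. In fsp_readdir_native the `strncpy` from `dir->data + dir->dirpos` still runs before the new `memchr` check, so it can read past `dir->datasize` before the entry is rejected; the `memchr` test should move above the copy, and it is worth confirming that `dir->dirpos` cannot exceed `dir->datasize` after the `+= 9`, since the length argument `dir->datasize - dir->dirpos` would otherwise wrap. Both function bodies begin and end outside the quoted hunks, so an earlier bounds check may exist that this page does not show.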