[Git][debian-proftpd-team/proftpd][buster] Add patch for upstream issue #1284 (Closes: #993173).

[Hilmar Preuße (@hilmar-guest)]

Hilmar Preuße pushed to branch buster at Debian ProFTPD Team / proftpd


Commits:
047dd128 by Hilmar Preusse at 2021-08-28T23:28:35+02:00
Add patch for upstream issue #1284 (Closes: #993173).

- - - - -


3 changed files:

- debian/changelog
- debian/patches/series
- + debian/patches/upstream_1284


Changes:

=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-proftpd-dfsg (1.3.6-4+deb10u6) buster; urgency=medium
+proftpd-dfsg (1.3.6-4+deb10u6) UNRELEASED; urgency=medium
 
   * Add patch for Issue #1119: Cannot disable client-initiated
     renegotiation for FTPS
@@ -8,6 +8,7 @@ proftpd-dfsg (1.3.6-4+deb10u6) buster; urgency=medium
     (Closes: #971742)
   * Add patch for issue #866: (Closes: #991394)
     mod_sftp crashes when using pubkey-auth with DSA keys
+  * Add patch for upstream issue #1284 (Closes: #993173).
 
  -- Hilmar Preusse <hille42 at web.de>  Mon, 05 Oct 2020 21:17:00 +0200
 


=====================================
debian/patches/series
=====================================
@@ -27,3 +27,4 @@ upstream_pull_885
 upstream_pull_1076
 d0ccdef643f92ff171920a5bf2892faa5f90124d.diff
 issue_866.diff
+upstream_1284


=====================================
debian/patches/upstream_1284
=====================================
@@ -0,0 +1,43 @@
+From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001
+From: Chris Hofstaedtler <chris.hofstaedtler at deduktiva.com>
+Date: Tue, 3 Aug 2021 21:53:28 +0200
+Subject: [PATCH] mod_radius: copy _only_ the password
+
+---
+ contrib/mod_radius.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+Index: proftpd/contrib/mod_radius.c
+===================================================================
+--- proftpd.orig/contrib/mod_radius.c	2021-08-28 16:10:46.810595478 +0200
++++ proftpd/contrib/mod_radius.c	2021-08-28 16:10:46.782595919 +0200
+@@ -2319,21 +2319,26 @@
+ 
+   pwlen = strlen((const char *) passwd);
+ 
++  /* Clear the buffers. */
++  memset(pwhash, '\0', sizeof(pwhash));
++
+   if (pwlen == 0) {
+     pwlen = RADIUS_PASSWD_LEN;
+ 
+   } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) {
++    /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */
++    memcpy(pwhash, passwd, pwlen);
+ 
+     /* Round up the length. */
+     pwlen += (RADIUS_PASSWD_LEN - 1);
+ 
+     /* Truncate the length, as necessary. */
+     pwlen &= ~(RADIUS_PASSWD_LEN - 1);
++  } else {
++    /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */
++    memcpy(pwhash, passwd, pwlen);
+   }
+ 
+-  /* Clear the buffers. */
+-  memset(pwhash, '\0', sizeof(pwhash));
+-  memcpy(pwhash, passwd, pwlen);
+ 
+   /* Find the password attribute. */
+   attrib = radius_get_attrib(packet, RADIUS_PASSWORD);



View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/047dd12895c0fac39d5c88efe1c4376b68e57c27

-- 
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/047dd12895c0fac39d5c88efe1c4376b68e57c27
You're receiving this email because of your account on salsa.debian.org.