Date: 	Wed, 24 Jun 1998 00:06:20 -0400
Reply-To: Bugtraq List 
Sender: Bugtraq List 
From: Automatic digest processor 
Subject:  BUGTRAQ Digest - 22 Jun 1998 to 23 Jun 1998
To: Recipients of BUGTRAQ digests 
Message-Id: <19980624040829Z81156-19100+28@brimstone.netspace.org>

There is one message totalling 43 lines in this issue.

Topics of the day:

  1. ncftp 2.4.3 bug

----------------------------------------------------------------------

Date:    Tue, 23 Jun 1998 19:35:01 +0300
From:    Liviu Daia 
Subject: Re: ncftp 2.4.3 bug

On 22 June 1998, Mike Gleason  wrote:
[...]
> As for this particular bug, it crashes because ncftp 2.x was trying to
> copy from a NULL pointer.  So, no buffer exploit.  Version 3 (still
> beta) handles it just fine.  The official gospel is to upgrade to
> version 3, since the bug doesn't occur naturally in the wild.
[...]

    However, some people might still want to stick with version 2.4.3,
since a few useful (IMHO) features have been removed along the way to
version 3. :-) So here's a simple fix, for the sake of the old days:


--- Cmds.c.old  Fri Mar 20 04:02:07 1998
+++ Cmds.c      Tue Jun 23 19:15:53 1998
@@ -241,7 +241,7 @@
         * if we can parse out the new directory without
         * doing a PWD command.
         */
-       if (cwdrp != NULL) {
+       if (cwdrp != NULL && cwdrp->msg.first != NULL) {
                /* "xxxx" is new cwd.
                 * Strip out just the xxxx to copy into the remote cwd.
                 */


    Regards,

    Liviu

--
Dr. Liviu Daia                   e-mail:   daia@stoilow.imar.ro
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daia@stoilow.imar.ro

------------------------------

End of BUGTRAQ Digest - 22 Jun 1998 to 23 Jun 1998
**************************************************