bin/77158: Buffer Overflow in lukemftp

[Ryoji Kanai]

>Number:         77158
>Category:       bin
>Synopsis:       Buffer Overflow in lukemftp
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 06 04:30:26 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Ryoji Kanai
>Release:        FreeBSD 6.0-CURRENT
>Organization:
eEye Digital Security
>Environment:
FreeBSD unicorn 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Sun Jan 16 15:45:21 PST 2005     kanai at unicorn:/usr/obj/usr/src/sys/UNICORN  i386
>Description:
A buffer overflow exists in ftp(lukemftp).
>How-To-Repeat:
Just use long filename. ex:

ftp> get aaaaaaaaaaaa... (over 1024 = BUFSIZ)
Segmentation fault (core dumped)

>Fix:
main.c:668 is a problem. fix thie code.

> memcpy(line, buf, num);

>Release-Note:
>Audit-Trail:
>Unformatted: