Package: pure-ftpd / 1.0.49-4.1

CVE-2020-9274.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
commit 8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
Author: Frank Denis <github@pureftpd.org>
Date:   Tue Feb 18 18:36:58 2020 +0100

    diraliases: always set the tail of the list to NULL
    
    Spotted and reported by Antonio Norales from GitHub Security Labs.
    Thanks!

diff --git a/src/diraliases.c b/src/diraliases.c
index 4002a36..fb70273 100644
--- a/src/diraliases.c
+++ b/src/diraliases.c
@@ -93,7 +93,6 @@ int init_aliases(void)
                 (tail->dir = strdup(dir)) == NULL) {
                 die_mem();
             }
-            tail->next = NULL;
         } else {
             DirAlias *curr;
 
@@ -105,6 +104,7 @@ int init_aliases(void)
             tail->next = curr;
             tail = curr;
         }
+        tail->next = NULL;
     }
     fclose(fp);
     aliases_up++;