[wget/f20] Fix NULL pointer dereference in FTP code (#1169022)
Tomas Hozza
thozza at fedoraproject.org
Tue Dec 16 17:14:18 UTC 2014
commit 8c44e0d68cf9d49f102ebfc773717f99433e121e
Author: Tomas Hozza <thozza at redhat.com>
Date: Tue Dec 16 17:15:19 2014 +0100
Fix NULL pointer dereference in FTP code (#1169022)
Signed-off-by: Tomas Hozza <thozza at redhat.com>
wget-1.16.1-fix-ftp-crash.patch | 32 ++++++++++++++++++++++++++++++++
wget.spec | 7 ++++++-
2 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/wget-1.16.1-fix-ftp-crash.patch b/wget-1.16.1-fix-ftp-crash.patch
new file mode 100644
index 0000000..71690d7
--- /dev/null
+++ b/wget-1.16.1-fix-ftp-crash.patch
@@ -0,0 +1,32 @@
+From 26790c3583b0588d21aa47603f441ee75937a2e1 Mon Sep 17 00:00:00 2001
+From: Cong Ma <cma at pmo.ac.cn>
+Date: Mon, 15 Dec 2014 21:21:10 +0800
+Subject: [PATCH] ftp: fix invalid pointer dereference in getftp() (tiny change)
+
+---
+ src/ftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ftp.c b/src/ftp.c
+index a3b2cb6..34c3858 100644
+--- a/src/ftp.c
++++ b/src/ftp.c
+@@ -1350,7 +1350,6 @@ Error in server response, closing control connection.\n"));
+
+ /* Get the server to tell us if everything is retrieved. */
+ err = ftp_response (csock, &respline);
+- *last_expected_bytes = ftp_expected_bytes (respline);
+ if (err != FTPOK)
+ {
+ /* The control connection is decidedly closed. Print the time
+@@ -1366,6 +1365,7 @@ Error in server response, closing control connection.\n"));
+ con->csock = -1;
+ return FTPRETRINT;
+ } /* err != FTPOK */
++ *last_expected_bytes = ftp_expected_bytes (respline);
+ /* If retrieval failed for any reason, return FTPRETRINT, but do not
+ close socket, since the control connection is still alive. If
+ there is something wrong with the control connection, it will
+--
+libgit2 0.21.0
+
diff --git a/wget.spec b/wget.spec
index ee963b6..264c4f4 100644
--- a/wget.spec
+++ b/wget.spec
@@ -1,7 +1,7 @@
Summary: A utility for retrieving files using the HTTP or FTP protocols
Name: wget
Version: 1.16.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv3+
Group: Applications/Internet
Url: http://www.gnu.org/software/wget/
@@ -10,6 +10,7 @@ Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.xz
Patch1: wget-rh-modified.patch
Patch2: wget-1.16.1-path.patch
Patch3: wget-1.16-dont-run-failing-test.patch
+Patch4: wget-1.16.1-fix-ftp-crash.patch
Provides: webclient
Provides: bundled(gnulib)
@@ -36,6 +37,7 @@ support for Proxy servers, and configurability.
# don't run the Test-proxied-https-auth.px test since it fails with OpenSSL
# upstream is working on fix and will be fixed most probably in 1.16.1
%patch3 -p1 -b .test
+%patch4 -p1 -b .ftp_crash
%build
if pkg-config openssl ; then
@@ -75,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
%{_infodir}/*
%changelog
+* Tue Dec 16 2014 Tomas Hozza <thozza at redhat.com> - 1.16.1-2
+- Fix NULL pointer dereference in FTP code (#1169022)
+
* Thu Dec 11 2014 Tomas Hozza <thozza at redhat.com> - 1.16.1-1
- update to 1.16.1
More information about the scm-commits
mailing list