38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
|
# Mitigation CVE-2024-57392 / GHSA-cf42-x7h8-3v3q #1866
|
||
|
|
# #1866: Some of the fuzzing tests submitted in the advisory ran into existing
|
||
|
|
# null pointer dereferences (not buffer overflows); let's correct them.
|
||
|
|
Index: modules/mod_ls.c
|
||
|
|
===================================================================
|
||
|
|
--- modules/mod_ls.c.orig
|
||
|
|
+++ modules/mod_ls.c
|
||
|
|
@@ -2,7 +2,7 @@
|
||
|
|
* ProFTPD - FTP server daemon
|
||
|
|
* Copyright (c) 1997, 1998 Public Flood Software
|
||
|
|
* Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
|
||
|
|
- * Copyright (c) 2001-2022 The ProFTPD Project
|
||
|
|
+ * Copyright (c) 2001-2025 The ProFTPD Project
|
||
|
|
*
|
||
|
|
* This program is free software; you can redistribute it and/or modify
|
||
|
|
* it under the terms of the GNU General Public License as published by
|
||
|
|
@@ -360,7 +360,8 @@ static int sendline(int flags, char *fmt
|
||
|
|
errno != 0) {
|
||
|
|
int xerrno = errno;
|
||
|
|
|
||
|
|
- if (session.d != NULL) {
|
||
|
|
+ if (session.d != NULL &&
|
||
|
|
+ session.d->outstrm != NULL) {
|
||
|
|
xerrno = PR_NETIO_ERRNO(session.d->outstrm);
|
||
|
|
}
|
||
|
|
|
||
|
|
@@ -1101,7 +1102,9 @@ static int outputfiles(cmd_rec *cmd) {
|
||
|
|
return res;
|
||
|
|
}
|
||
|
|
|
||
|
|
- tail->down = NULL;
|
||
|
|
+ if (tail != NULL) {
|
||
|
|
+ tail->down = NULL;
|
||
|
|
+ }
|
||
|
|
tail = NULL;
|
||
|
|
colwidth = (colwidth | 7) + 1;
|
||
|
|
if (opt_l || !opt_C) {
|