wget/wget-CVE-2006-6719.patch

Fixes NULL pointer dereference (CVE-2006-6719)

================================================================================
--- src/ftp-basic.c
+++ src/ftp-basic.c
@@ -1039,7 +1039,9 @@
      first word of the server response)?  */
   request = strtok (NULL, " ");
 
-  if (!strcasecmp (request, "VMS"))
+  if (request == NULL)
+    *server_type = ST_OTHER;
+  else if (!strcasecmp (request, "VMS"))
     *server_type = ST_VMS;
   else if (!strcasecmp (request, "UNIX"))
     *server_type = ST_UNIX;
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wget?expand=0&rev=2 2007-03-29 01:01:25 +02:00			`Fixes NULL pointer dereference (CVE-2006-6719)`

			`================================================================================`
			`--- src/ftp-basic.c`
			`+++ src/ftp-basic.c`
			`@@ -1039,7 +1039,9 @@`
			`first word of the server response)? */`
			`request = strtok (NULL, " ");`

			`- if (!strcasecmp (request, "VMS"))`
			`+ if (request == NULL)`
			`+ *server_type = ST_OTHER;`
			`+ else if (!strcasecmp (request, "VMS"))`
			`*server_type = ST_VMS;`
			`else if (!strcasecmp (request, "UNIX"))`
			`*server_type = ST_UNIX;`