mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-23 21:43:30 +08:00
e8b450d677
In Pure-FTPd 1.0.49, an incorrect max_filesize quota mechanism in the
server allows attackers to upload files of unbounded size, which may
lead to denial of service or a server hang. This occurs because a
certain greater-than-zero test does not anticipate an initial -1 value.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-listdir-reuse-a-single-buffer-to-store-every-file-name-to-display.patch | ||
| 0002-pure_strcmp-len-s2-can-be-len-s1.patch | ||
| 0003-diraliases-always-set-the-tail-of-the-list-to-NULL.patch | ||
| 0004-Initialize-the-max-upload-file-size-when-quotas-are-enabled.patch | ||
| Config.in | ||
| pure-ftpd.hash | ||
| pure-ftpd.mk | ||