From 902ee3e5f2c9c3276215461a74e1666449769c0b Mon Sep 17 00:00:00 2001 From: "Andrey A. Chernov" Date: Tue, 5 Apr 2005 00:25:01 +0000 Subject: [PATCH] Integrate official skeychallenge.patch Fix denial of service in NLST CAN-2005-0256 --- ftp/wu-ftpd/Makefile | 4 ++-- ftp/wu-ftpd/files/patch-aa | 27 +++++++++++++++++++++++---- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/ftp/wu-ftpd/Makefile b/ftp/wu-ftpd/Makefile index d1b9a15e485e..f38e1ee80fbf 100644 --- a/ftp/wu-ftpd/Makefile +++ b/ftp/wu-ftpd/Makefile @@ -9,11 +9,11 @@ PORTNAME= wu-ftpd PORTVERSION= 2.6.2 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= ftp MASTER_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/ PATCH_SITES= ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/ -PATCHFILES= connect-dos.patch realpath.patch +PATCHFILES= connect-dos.patch realpath.patch MAINTAINER= ache@FreeBSD.org COMMENT= A replacement ftp server for Un*x systems diff --git a/ftp/wu-ftpd/files/patch-aa b/ftp/wu-ftpd/files/patch-aa index fb9496f1c4fe..6ea6479bb5d5 100644 --- a/ftp/wu-ftpd/files/patch-aa +++ b/ftp/wu-ftpd/files/patch-aa @@ -1,5 +1,5 @@ ---- src/ftpd.c.orig Mon Mar 8 07:24:50 2004 -+++ src/ftpd.c Mon Mar 8 07:24:50 2004 +--- src/ftpd.c.orig Tue Apr 5 03:22:01 2005 ++++ src/ftpd.c Tue Apr 5 04:10:13 2005 @@ -447,7 +447,6 @@ #ifdef OPIE #include @@ -24,10 +24,10 @@ if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf)) - sprintf(buf, "Password required for %s.", name); -+ snprintf(buf, 128, "Password required for %s.", name); ++ snprintf(buf, sizeof(buf)-1, "Password required for %s.", name); else - sprintf(buf, "%s %s for %s.", sbuf, -+ snprintf(buf, 128, "%s %s for %s.", sbuf, ++ snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf, pwok ? "allowed" : "required", name); return (buf); } 
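Review bot: In the `@@ -24,10 +24,10 @@` hunk of files/patch-aa, both new `snprintf(buf, sizeof(buf)-1, ...)` calls are bounded correctly only if `buf` is a real array in this scope. Its declaration is outside the hunk, and if it were a `char *` the limit would silently become the pointer size minus one. The `-1` is also unnecessary, because snprintf already counts the terminating NUL inside the size it is given, so `snprintf(buf, sizeof(buf), "Password required for %s.", name);` is the conventional form. Neither call checks the return value, so an over-long `name` is truncated without notice; that looks acceptable for a prompt string, but a short comment such as `/* truncation of the challenge text is harmless */` would record the intent.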
@@ -95,3 +95,22 @@
 #ifdef VERBOSE_ERROR_LOGING
 syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
 remoteident, pw->pw_name);
+@@ -7469,6 +7471,8 @@
+ in++;
+ if (*in == '/')
+ in++;
++ else
++ out++;
+ }
+ else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) {
+ if (out == path) {
+@@ -7497,6 +7501,9 @@
+ }
+ else {
+ do
++ if ((in[0] == '*') && (in[1] == '*'))
++ in++;
++ else
+ *out++ = *in++;
+ while ((*in != '\0') && (*in != '/'));
+ if (*in == '/')
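Review bot: The `**` collapse added under inner hunk `@@ -7497,6 +7501,9 @@` leaves the `do … while` body as an unbraced `if`/`else`, which is easy to misread and easy to break on the next edit. I would wrap it as `do { ... } while ((*in != '\0') && (*in != '/'));` and add a comment such as `/* fold runs of '*' into one to bound NLST glob matching cost (CAN-2005-0256) */`; the link to the CAN id is inferred from the commit subject. The `else out++;` added under `@@ -7469,6 +7471,8 @@` is also uncommented, and why `out` must advance there cannot be judged from the hunk because the enclosing function starts and ends outside it. Only directly adjacent `*` characters are folded, so it is worth confirming that the matcher itself bounds the work for other wildcard-heavy patterns.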