Add a patch from CVS to fix a security vulnerability.

PR:		ports/105510
Submitted by:	Alex Samorukov <samm@os2.kiev.ua>
Approved by:	Beech Rintoul <beech@alaskaparadise.com> (maintainer)
Security:	VuXML cca97f5f-7435-11db-91de-0008743bf21a

ftp/proftpd-devel/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	proftpd
 DISTVERSION=	1.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
 		ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \

ftp/proftpd-devel/files/patch-main.c

@@ -0,0 +1,46 @@
+--- src/main.c.orig	Wed Mar 15 21:41:01 2006
++++ src/main.c	Tue Nov 14 08:47:12 2006
+@@ -116,6 +116,8 @@
+ 
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+ 
++#define PR_DEFAULT_CMD_BUFSZ	512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@
+       pr_timer_reset(TIMER_IDLE, NULL);
+ 
+     if (cmd_buf_size == -1) {
+-      long *buf_size = get_param_ptr(main_server->conf,
+-        "CommandBufferSize", FALSE);
+-
+-      if (buf_size == NULL || *buf_size <= 0)
+-        cmd_buf_size = 512;
++      int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++        FALSE);
+ 
+-      else if (*buf_size + 1 > sizeof(buf)) {
+-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+-          "Resetting to 512.");
+-	cmd_buf_size = 512;
++      if (bufsz == NULL ||
++          *bufsz <= 0) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz + 1 > sizeof(buf)) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++	cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else {
++        pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++        cmd_buf_size = (long) *bufsz;
+       }
+     }
+ 

ftp/proftpd/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	proftpd
 DISTVERSION=	1.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	ftp
 MASTER_SITES=	ftp://ftp.proftpd.org/distrib/source/ \
 		ftp://ftp.fastorama.com/mirrors/ftp.proftpd.org/distrib/source/ \

ftp/proftpd/files/patch-main.c

@@ -0,0 +1,46 @@
+--- src/main.c.orig	Wed Mar 15 21:41:01 2006
++++ src/main.c	Tue Nov 14 08:47:12 2006
+@@ -116,6 +116,8 @@
+ 
+ static char sbuf[PR_TUNABLE_BUFFER_SIZE] = {'\0'};
+ 
++#define PR_DEFAULT_CMD_BUFSZ	512
++
+ static char **Argv = NULL;
+ static char *LastArgv = NULL;
+ static const char *PidPath = PR_PID_FILE_PATH;
+@@ -820,16 +822,25 @@
+       pr_timer_reset(TIMER_IDLE, NULL);
+ 
+     if (cmd_buf_size == -1) {
+-      long *buf_size = get_param_ptr(main_server->conf,
+-        "CommandBufferSize", FALSE);
+-
+-      if (buf_size == NULL || *buf_size <= 0)
+-        cmd_buf_size = 512;
++      int *bufsz = get_param_ptr(main_server->conf, "CommandBufferSize",
++        FALSE);
+ 
+-      else if (*buf_size + 1 > sizeof(buf)) {
+-	pr_log_pri(PR_LOG_WARNING, "Invalid CommandBufferSize size given. "
+-          "Resetting to 512.");
+-	cmd_buf_size = 512;
++      if (bufsz == NULL ||
++          *bufsz <= 0) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++        cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else if (*bufsz + 1 > sizeof(buf)) {
++	pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) "
++          "given, resetting to default buffer size (%u)",
++          *bufsz, (unsigned int) PR_DEFAULT_CMD_BUFSZ);
++	cmd_buf_size = PR_DEFAULT_CMD_BUFSZ;
++
++      } else {
++        pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
++        cmd_buf_size = (long) *bufsz;
+       }
+     }
+