Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 181980 Details for
Bug 258838
net-ftp/proftpd-1.3.2 - version bump with security fix
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proftpd 1.3.1 upstream security bug 3124 patch
proftpd-1.3.1-upstream-security-bug-3124.patch (text/plain), 3.59 KB, created by
Bernd Lommerzheim
on 2009-02-14 09:59:28 UTC
(
hide
)
Description:
proftpd 1.3.1 upstream security bug 3124 patch
Filename:
MIME Type:
Creator:
Bernd Lommerzheim
Created:
2009-02-14 09:59:28 UTC
Size:
3.59 KB
patch
obsolete
>Index: contrib/mod_sql.c >=================================================================== >RCS file: /cvsroot/proftp/proftpd/contrib/mod_sql.c,v >retrieving revision 1.141 >diff -u -r1.141 mod_sql.c >--- contrib/mod_sql.c 4 Oct 2008 22:15:05 -0000 1.141 >+++ contrib/mod_sql.c 27 Oct 2008 22:25:32 -0000 >@@ -1108,7 +1108,6 @@ > return NULL; > > username = (char *) mr->data; >- > usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, "='", username, "'", NULL); > > sql_log(DEBUG_WARN, "cache miss for user '%s'", realname); >@@ -1133,7 +1132,8 @@ > } > > if (!cmap.usercustom) { >- where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere, NULL); >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, usrwhere, >+ sql_prepare_where(0, cmd, 1, cmap.userwhere, NULL), NULL); > > mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", > cmap.usrtable, cmap.usrfields, where, "1"), "sql_select"); >@@ -1372,7 +1372,8 @@ > return NULL; > } > >- where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere, NULL); >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, grpwhere, >+ sql_prepare_where(0, cmd, 1, cmap.groupwhere, NULL), NULL); > > mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 5, "default", > cmap.grptable, cmap.grpfield, where, "1"), "sql_select"); >@@ -1391,7 +1392,8 @@ > grpwhere = pstrcat(cmd->tmp_pool, cmap.grpfield, " = '", groupname, "'", > NULL); > >- where = sql_prepare_where(0, cmd, 2, grpwhere, cmap.groupwhere, NULL); >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, grpwhere, >+ sql_prepare_where(0, cmd, 1, cmap.groupwhere, NULL), NULL); > > mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", > cmap.grptable, cmap.grpfields, where), "sql_select"); >@@ -1466,7 +1468,8 @@ > usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), > "'", NULL); > >- where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere, NULL); >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, usrwhere, >+ sql_prepare_where(0, cmd, 1, cmap.userwhere, NULL), NULL); > > mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 4, "default", cmap.usrtable, > query, where), "sql_update"); >@@ -1691,7 +1694,9 @@ > > if (strlen(tag) > 5 && > strncmp(tag, "env:", 4) == 0) { >- char *env = pr_env_get(cmd->pool, tag + 4); >+ char *env; >+ >+ env = pr_env_get(cmd->pool, tag + 4); > return pstrdup(cmd->tmp_pool, env ? env : ""); > } > >@@ -2130,6 +2135,7 @@ > > } else { > argp = resolve_short_tag(cmd, *tmp); >+ > mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", > argp), "sql_escapestring"); > if (check_response(mr) < 0) >@@ -3609,8 +3615,9 @@ > usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), > "'", NULL); > >- where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere, NULL); >- >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, usrwhere, >+ sql_prepare_where(0, cmd, 1, cmap.userwhere, NULL), NULL); >+ > query = pstrcat(cmd->tmp_pool, cmap.sql_fstor, ", ", > cmap.sql_fretr, ", ", cmap.sql_bstor, ", ", > cmap.sql_bretr, NULL); >@@ -3644,7 +3651,8 @@ > usrwhere = pstrcat(cmd->tmp_pool, cmap.usrfield, " = '", _sql_realuser(cmd), > "'", NULL); > >- where = sql_prepare_where(0, cmd, 2, usrwhere, cmap.userwhere, NULL); >+ where = sql_prepare_where(SQL_PREPARE_WHERE_FL_NO_TAGS, cmd, 2, usrwhere, >+ sql_prepare_where(0, cmd, 1, cmap.userwhere, NULL), NULL); > > query = pstrcat(cmd->tmp_pool, cmap.sql_frate, ", ", > cmap.sql_fcred, ", ", cmap.sql_brate, ", ",
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 258838
:
181863
|
181865
|
181874
|
181875
|
181876
| 181980 |
181982
|
182237