Index: CHANGES =================================================================== RCS file: /cvsroot/wu-ftpd/CHANGES,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- CHANGES 2000/07/01 19:03:45 1.44 +++ CHANGES 2000/07/07 22:05:27 1.45 @@ -20,9 +20,16 @@ If you did not receive a copy of the license, it may be obtained online at http://www.wu-ftpd.org/license.html. - $Id: CHANGES,v 1.44 2000/07/01 19:03:45 wuftpd Exp $ + $Id: CHANGES,v 1.45 2000/07/07 22:05:27 wuftpd Exp $ +Changes in 2.6.2: Released + + o Fix another missing format string. This was in debugging code, so it's + not considered serious enough to push a new release yet. + +########################################################################### + Changes in 2.6.1: Released 2 Jul, 2000 o Fix security leaks that could result in a root shell compromise. @@ -39,6 +46,8 @@ o SITE MINFO was missed in 2.6.0 when disabling SITE NEWER. o Fix documentation of data-limit. + +########################################################################### Changes in 2.6.0: Released 18 Oct, 1999 Index: src/ftpd.c =================================================================== RCS file: /cvsroot/wu-ftpd/src/ftpd.c,v retrieving revision 1.111 retrieving revision 1.113 diff -u -r1.111 -r1.113 --- src/ftpd.c 2000/07/01 18:17:39 1.111 +++ src/ftpd.c 2000/07/07 22:17:38 1.113 @@ -21,7 +21,7 @@ If you did not receive a copy of the license, it may be obtained online at http://www.wu-ftpd.org/license.html. - $Id: ftpd.c,v 1.111 2000/07/01 18:17:39 wuftpd Exp $ + $Id: ftpd.c,v 1.113 2000/07/07 22:17:38 wuftpd Exp $ ****************************************************************************/ /* FTP server. */ @@ -2572,7 +2572,7 @@ #ifdef BSD_AUTH if (ext_auth) { if ((salt = check_auth(the_user, passwd))) { - reply(530, salt); + reply(530, "%s", salt); #ifdef LOG_FAILED /* 27-Apr-93 EHK/BM */ syslog(LOG_INFO, "failed login from %s", remoteident); 
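Review bot: Nothing in the new code keeps the next non-literal format out of reply(): `reply(530, "%s", salt)` closes this call site, and the same pattern is patched again at `reply(550, "%s", globerr)` in the -6435 hunk. reply's prototype is outside these hunks; if it is a printf-style variadic, I would annotate its declaration with `__attribute__((format(printf, 2, 3)))` (guarded for non-GCC compilers) and build with `-Wformat -Wformat-security` so the compiler reports such calls. A short comment at this call, `/* salt appears to carry check_auth()'s failure text; never pass it as the format */`, would also help, because the variable name hides that it holds externally produced text. The enclosing function starts and ends outside the hunk.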
@@ -6274,7 +6274,7 @@
 if (s) {
 int i = ntohs(pasv_addr.sin_port);
 sprintf(s, "PASV port %i assigned to %s", i, remoteident);
- syslog(LOG_DEBUG, s);
+ syslog(LOG_DEBUG, "%s", s);
 free(s);
 }
 }
@@ -6289,7 +6289,7 @@
 char *s = calloc(128 + strlen(remoteident), sizeof(char));
 if (s) {
 sprintf(s, "PASV port assignment assigned for %s", remoteident);
- syslog(LOG_DEBUG, s);
+ syslog(LOG_DEBUG, "%s", s);
 free(s);
 }
 }
@@ -6435,7 +6435,7 @@
 dirlist = ftpglob(whichfiles);
 sdirlist = dirlist; /* save to free later */
 if (globerr != NULL) {
- reply(550, globerr);
+ reply(550, "%s", globerr);
 goto globfree;
 }
 else if (dirlist == NULL) {
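Review bot: The temporary heap buffer is no longer needed once syslog() receives a literal format, so in this hunk and in the -6289 hunk the calloc/sprintf/syslog/free sequence can collapse to one call. That is `syslog(LOG_DEBUG, "PASV port %i assigned to %s", i, remoteident);` here and `syslog(LOG_DEBUG, "PASV port assignment assigned for %s", remoteident);` there. Doing so removes an unbounded sprintf() whose safety rests on the `128 + strlen(remoteident)` sizing (visible only in the -6289 hunk; the allocation for this one is outside the hunk). It also removes the path where a failed calloc silently skips the log entry. Both enclosing blocks begin outside their hunks.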