Security: Fix a double-fclose vulnerability in the dataconn function (CVE-2007-6263, #199206)

(Portage version: 2.1.3.19)

2 files changed, 24 insertions, 0 deletions

diff --git a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r6 b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r7
index 9c0de1ba222e..9c0de1ba222e 100644
--- a/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r6
+++ b/net-ftp/netkit-ftpd/files/digest-netkit-ftpd-0.17-r7
diff --git a/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch
new file mode 100644
index 000000000000..5da61aee7343
--- /dev/null
+++ b/net-ftp/netkit-ftpd/files/netkit-ftpd-0.17-fclose-CVE-2007-6263.patch
@@ -0,0 +1,24 @@
+diff -u linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
+--- linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
++++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c
+@@ -1729,7 +1729,7 @@
+ static FILE * dataconn(const char *name, off_t size, const char *mode, int stou)
+ {
+ 	char sizebuf[32];
+-	FILE *file;
++	FILE *file = NULL;
+ 	int retry = 0, tos;
+ 
+ 	file_size = size;
+@@ -1822,7 +1822,10 @@
+ 				    ERR_error_string(ERR_get_error(),NULL));
+ 			perror_reply(425, errbuf);
+ 			/* abort time methinks ... */
+-			fclose(file);
++			if(file != NULL){
++				fclose(file);
++				file = NULL;
++			}
+ 			return NULL;
+ 		    } else {
+ 			if (ssl_debug_flag) {