source-changes: CVS commit: src/libexec/ftpd

Subject: CVS commit: src/libexec/ftpd
To: None <source-changes@netbsd.org>
From: Luke Mewburn <lukem@netbsd.org>
List: source-changes
Date: 01/22/2003 06:46:08

Module Name:	src
Committed By:	lukem
Date:		Wed Jan 22 04:46:08 UTC 2003

Modified Files:
	src/libexec/ftpd: ftpd.c version.h

Log Message:
Apply DoS fix as described by Crist J. Clark <crist.clark@attbi.com>
on <security@freebsd.org>, and subsequently in FreeBSD's cvs repository
as libexec/ftpd/ftpd.c rev 1.133:

	The FTP daemon was vulnerable to a DoS where an attacker could bind()
	up port 20 for an extended period of time and thus lock out all other
	users from establishing PORT data connections. Don't hold on to the
	bind() while we loop around waiting to see if we can make our
	connection.

Bump version to 20030122.


To generate a diff of this commit:
cvs rdiff -r1.149 -r1.150 src/libexec/ftpd/ftpd.c
cvs rdiff -r1.49 -r1.50 src/libexec/ftpd/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.