Hi @Gabe-commiter,
To fix this issue, you can use snprintf() instead of sprintf() to limit the maximum bytes that are read into the buffer. For detail:
int snprintf(char *str, size_t size, const char *format, ...);
*str : is a buffer.
size : is the maximum number of bytes (characters) that will be written to the buffer.
format : C string that contains a format string that follows the same specifications as format in printf.
... : the optional (...) arguments are just the string formats like ("%d", myint) as seen in printf.
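An added example (not code from this issue or from the project): a hypothetical build_path() helper applies the snprintf() pattern suggested above and also checks the return value, so an over-long name is rejected instead of being silently truncated. The function name, the 1024-byte buffer size and the sample paths are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 1024  /* assumed size; the real buffer size is not given on the page */

/* Hypothetical helper: join the current directory and the client-supplied
 * name into out[out_size]. Returns 0 on success, -1 if the result would
 * not fit (or on an output error), in which case out is set to "". */
static int build_path(char *out, size_t out_size, const char *cwd, const char *name)
{
    if (out == NULL || out_size == 0 || cwd == NULL || name == NULL)
        return -1;

    /* snprintf writes at most out_size bytes including the NUL and
     * returns the length the full string would have had. */
    int n = snprintf(out, out_size, "%s/%s", cwd, name);

    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* never act on a silently truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF_SIZE];
    char long_name[2000];              /* constructed over-long input */

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    if (build_path(path, sizeof(path), "/srv/ftp", "newdir") == 0)
        printf("ok: %s\n", path);

    if (build_path(path, sizeof(path), "/srv/ftp", long_name) != 0)
        printf("rejected: name too long for %zu-byte buffer\n", sizeof(path));

    return 0;
}
```

Without the return-value check, snprintf() would stop the overflow but leave a truncated path in the buffer, and the server would then act on a different directory name than the client sent.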
Buffer overflow exists in the do_mkd function in the ftpproto.c file. Overwrite rbp when new path name length exceeds 1032.