darkone
06-02-2004, 08:11 AM
Ugh,
There was no such thing as a broken .ioFTPD file... the fault was in the .ioFTPD file reader. When the size of a block in the .ioFTPD file (used for chattr & by some scripts) grows larger than 1024 32-bit uints (4096 bytes :)), the daemon re-allocates a larger memory block. After reallocation, I had forgotten to update the pointer. When reallocating memory, you need to store everything to a temporary pointer... and the contents of the temporary pointer are moved to the real pointer if reallocation is successful. Since it kept using the old pointer, which was no longer valid, it caused immediate memory corruption and a buffer overrun.
I will be releasing a patch within a few weeks.
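The reallocation pattern described in the post above, as an added C example that is not part of the original post and is not ioFTPD's code. The `struct block` layout, the function names and the doubling growth policy are assumptions made for illustration; only the 1024-entry starting size comes from the post.

```c
#include <stdint.h>
#include <stdlib.h>
#define INITIAL_CAP 1024  /* 1024 32-bit uints = 4096 bytes, as in the post */

/* Hypothetical growable block of 32-bit values (layout is an assumption). */
struct block { uint32_t *data; size_t len, cap; };

/* Grow to at least `need` entries; on failure (-1) b->data is untouched and valid. */
static int block_reserve(struct block *b, size_t need)
{
    if (need <= b->cap)
        return 0;
    size_t new_cap = b->cap ? b->cap : INITIAL_CAP;
    while (new_cap < need) {
        if (new_cap > SIZE_MAX / 2 / sizeof(uint32_t))
            return -1;            /* doubled byte count would overflow */
        new_cap *= 2;
    }
    /* Result goes to a temporary first: realloc may move the block and
     * free the old address, or fail and leave the old block in place. */
    uint32_t *tmp = realloc(b->data, new_cap * sizeof(uint32_t));
    if (tmp == NULL)
        return -1;
    b->data = tmp;                /* omitting this leaves a stale pointer */
    b->cap = new_cap;
    return 0;
}

/* Append one value; b->data is only dereferenced after the reserve call. */
static int block_push(struct block *b, uint32_t v)
{
    if (block_reserve(b, b->len + 1) != 0)
        return -1;
    b->data[b->len++] = v;
    return 0;
}

/* Push n values across several reallocations, then verify every entry. */
static int demo_fill(size_t n)
{
    struct block b = {0};
    int ok = 1;
    for (size_t i = 0; ok && i < n; i++)
        ok = (block_push(&b, (uint32_t)i) == 0);
    for (size_t i = 0; ok && i < n; i++)
        ok = (b.data[i] == (uint32_t)i);
    free(b.data);
    return ok;
}
```

Any other copy of `b->data` taken before a call that can grow the block (a cached cursor, a pointer held by a caller) has to be refreshed afterwards as well; building with AddressSanitizer reports a missed one as a heap-use-after-free.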