Description: Fix CVE-2005-3524 - a remotely exploitable buffer overflow.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339074
Author: James Longstreet <jlongs2@uic.edu>

Index: linux-ftpd-ssl/ftpd/ftpd.c
===================================================================
--- linux-ftpd-ssl.orig/ftpd/ftpd.c	2010-06-14 01:29:01.000000000 +0100
+++ linux-ftpd-ssl/ftpd/ftpd.c	2010-06-14 01:29:01.000000000 +0100
@@ -2496,9 +2496,9 @@
 	va_start(ap);
 #endif
 #ifdef USE_SSL
-        /* assemble the output into a buffer */
+        /* assemble the output into a buffer, checking for length */
 	sprintf(outputbuf,"%d ",n);
-	vsprintf(outputbuf+strlen(outputbuf),fmt,ap);
+        vsnprintf(outputbuf+strlen(outputbuf),2048-(strlen(outputbuf) + 3),fmt,ap); 
 	strcat(outputbuf,"\r\n");
 
 	if (ssl_debug_flag)
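Review bot: The new bound on the `vsnprintf` line is the literal `2048`, which is only correct if `outputbuf` is declared with exactly that size; the declaration is outside this hunk, so the two can drift apart silently. If `outputbuf` is a true array in scope here (not a pointer), tie the limit to it: `vsnprintf(outputbuf+strlen(outputbuf), sizeof(outputbuf)-(strlen(outputbuf)+3), fmt, ap);`. Otherwise use a named constant shared with the declaration. The return value is also ignored, so an over-long reply is truncated without any log entry; comparing it against the size passed would let the server record that a reply was cut, which is useful when someone is probing this path. The enclosing function starts and ends outside the hunk, so other places that format into `outputbuf` under `USE_SSL` could not be checked and may need the same bound.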
