This patch fixes a one-byte buffer overflow. Apply by doing: cd /usr/src patch -p0 < 037_ftpd.patch And then rebuild and install ftpd: cd libexec/ftpd make obj make depend make make install Index: libexec/ftpd/ftpd.c =================================================================== RCS file: /cvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.71.2.1 diff -u -r1.71.2.1 ftpd.c --- libexec/ftpd/ftpd.c 2000/07/05 22:20:08 1.71.2.1 +++ libexec/ftpd/ftpd.c 2000/12/05 17:12:01 @@ -1924,15 +1924,21 @@ replydirname(name, message) const char *name, *message; { + char *p, *ep; char npath[MAXPATHLEN]; - int i; - for (i = 0; *name != '\0' && i < sizeof(npath) - 1; i++, name++) { - npath[i] = *name; - if (*name == '"') - npath[++i] = '"'; + p = npath; + ep = &npath[sizeof(npath) - 1]; + while (*name) { + if (*name == '"' && ep - p >= 2) { + *p++ = *name++; + *p++ = '"'; + } else if (ep - p >= 1) + *p++ = *name++; + else + break; } - npath[i] = '\0'; + *p = '\0'; reply(257, "\"%s\" %s", npath, message); }