Jordan Ritter wrote:
>
> On Mon, 30 Aug 1999, Nic Bellamy wrote:
>
> > tracked this problem to an sprintf() into a buffer on the stack
> > in the log_xfer() routine in src/log.c. Gotta love it. Sigh.
>
> What's interesting to note is that I notified the contact at ProFTPd of
> this exact overflow back during the last ftpd fiasco (there was more than
> one way to break proftpd). Assuming that you're making this assertion
> from the absolute latest source available, I'd say it's unfortunate that
> this wasn't dealt with many months ago.
>
> --jordan
Floody, the old maintainer, fell off the net.
MacGuyver has been picking up proftpd development.
If you tried to reach Floody, it's no wonder there was no response.
I do agree that the situation is regrettable. But there are extenuating
circumstances in this case.
That is, proftpd is maintained, you just caught it in transition from
one maintainer to another.