Generic patch against globc.c for:
Subject:      Wu-Ftpd File Globbing Heap Corruption Vulnerability


-- SNIP --

--- glob.c.orig Sat Jul  1 14:17:39 2000
+++ glob.c Wed Nov 28 00:43:38 2001
@@ -298,7 +298,7 @@

     for (lm = restbuf; *p != '{'; *lm++ = *p++)
  continue;
-    for (pe = ++p; *pe; pe++)
+    for (pe = ++p; *pe; pe++) {
  switch (*pe) {

  case '{':
@@ -314,11 +314,19 @@
  case '[':
      for (pe++; *pe && *pe != ']'; pe++)
  continue;
+     if (!*pe) {
+ globerr = "Missing ]";
+ return (0);
+     }
      continue;
  }
+    }
   pend:
-    brclev = 0;
-    for (pl = pm = p; pm <= pe; pm++)
+    if (brclev || !*pe) {
+ globerr = "Missing }";
+ return (0);
+    }
+    for (pl = pm = p; pm <= pe; pm++) {
  switch (*pm & (QUOTE | TRIM)) {

  case '{':
@@ -352,19 +360,18 @@
  return (1);
      sort();
      pl = pm + 1;
-     if (brclev)
- return (0);
      continue;

  case '[':
      for (pm++; *pm && *pm != ']'; pm++)
  continue;
-     if (!*pm)
- pm--;
+     if (!*pm) {
+ globerr = "Missing ]";
+ return (0);
+     }
      continue;
  }
-    if (brclev)
- goto doit;
+    }
     return (0);
 }

@@ -416,11 +423,10 @@
  else if (scc == (lc = cc))
      ok++;
      }
-     if (cc == 0)
- if (ok)
-     p--;
- else
-     return 0;
+     if (cc == 0) {
+ globerr = "Missing ]";
+ return (0);
+     }
      continue;

  case '*':