--- src/ftpd.c.orig	2010-06-29 16:24:04.000000000 +0400
+++ src/ftpd.c	2010-06-29 16:26:15.000000000 +0400
@@ -447,7 +447,6 @@
 #ifdef OPIE
 #include <opie.h>
 int pwok = 0;
-int af_pwok = 0;
 struct opie opiestate;
 #endif
 
@@ -785,6 +784,12 @@
     sigemptyset(&block_sigmask);
 #endif
 #ifndef SIG_DEBUG
+#ifdef SIGTERM
+    (void) signal(SIGTERM, randomsig);
+#ifdef NEED_SIGFIX
+    sigaddset(&block_sigmask, SIGTERM);
+#endif
+#endif
 #ifdef SIGHUP
     (void) signal(SIGHUP, randomsig);
 #ifdef NEED_SIGFIX
@@ -1219,10 +1224,6 @@
 	exit(0);
     }
 
-#ifdef OPIE
-    af_pwok = opieaccessfile(remotehost);
-#endif
-
 #ifdef HAVE_LIBRESOLV
     /* check permitted access based on remote host DNS information */
     if (!check_reverse_dns()) {
@@ -1387,8 +1388,7 @@
     chdir("/");
     signal(SIGIOT, SIG_DFL);
     signal(SIGILL, SIG_DFL);
-    exit(1);
-    /* dologout(-1); *//* NOTREACHED */
+    dologout(-1); /* NOTREACHED */
 }
 
 SIGNAL_TYPE lostconn(int sig)
@@ -1662,9 +1662,9 @@
     /* Display s/key challenge where appropriate. */
 
     if (pwd == NULL || skeychallenge(&skey, pwd->pw_name, sbuf))
-	sprintf(buf, "Password required for %s.", name);
+	snprintf(buf, sizeof(buf)-1, "Password required for %s.", name);
     else
-	sprintf(buf, "%s %s for %s.", sbuf,
+	snprintf(buf, sizeof(buf)-1, "%s %s for %s.", sbuf,
 		pwok ? "allowed" : "required", name);
     return (buf);
 }
@@ -2105,16 +2105,17 @@
 #ifdef OPIE
 	{
 	    char prompt[OPIE_CHALLENGE_MAX + 1];
-	    opiechallenge(&opiestate, name, prompt);
 
-	    if (askpasswd == -1) {
-		syslog(LOG_WARNING, "Invalid FTP user name %s attempted from %s", name, remotehost);
-		pwok = 0;
+	    if (opiechallenge(&opiestate, name, prompt) == 0) {
+		pwok = (pw != NULL) &&
+		       opieaccessfile(remotehost) &&
+		       opiealways(pw->pw_dir);
+		reply(331, "Response to %s %s for %s.",
+		      prompt, pwok ? "requested" : "required", name);
+	    } else {
+		pwok = 1;
+		reply(331, "Password required for %s.", name);
 	    }
-	    else
-		pwok = af_pwok && opiealways(pw->pw_dir);
-	    reply(331, "Response to %s %s for %s.",
-		  prompt, pwok ? "requested" : "required", name);
 	}
 #else
 	reply(331, "Password required for %s.", name);
@@ -2593,8 +2594,8 @@
 	    if (pw == NULL)
 		salt = "xx";
 	    else
-#ifndef OPIE
 		salt = pw->pw_passwd;
+#ifndef OPIE
 #ifdef SECUREOSF
 	    if ((pr = getprpwnam(pw->pw_name)) != NULL) {
 		if (pr->uflg.fg_newcrypt)
@@ -2627,9 +2628,15 @@
 	    xpasswd = crypt(passwd, salt);
 #endif /* SKEY */
 #else /* OPIE */
-	    if (!opieverify(&opiestate, passwd))
-		rval = 0;
-	    xpasswd = crypt(passwd, pw->pw_passwd);
+	    if (pw != NULL) {
+		if (opieverify(&opiestate, passwd) == 0)
+		    xpasswd = pw->pw_passwd;
+		else if (pwok)
+		    xpasswd = crypt(passwd, salt);
+		else
+		    pw = NULL;
+	    }
+	    pwok = 0;
 #endif /* OPIE */
 #ifdef ULTRIX_AUTH
 	    if ((numfails = ultrix_check_pass(passwd, xpasswd)) >= 0) {
@@ -3189,7 +3196,7 @@
 		  pw->pw_name, pw->pw_dir);
 	    goto bad;
 #else
-	    if (chdir("/") < 0) {
+	    if (restricted_user || chdir("/") < 0) {
 #ifdef VERBOSE_ERROR_LOGING
 		syslog(LOG_NOTICE, "FTP LOGIN FAILED (cannot chdir) for %s, %s",
 		       remoteident, pw->pw_name);
@@ -3508,7 +3515,7 @@
 {
     char *a;
     a = (char *) malloc(len + 1);
-    memset(a, ' ', len-1);
+    memset(a, ' ', len);
     a[len] = 0;
     if (strlen(s) <= len)
 	memcpy(a, s, strlen(s));
@@ -7469,6 +7476,8 @@
 	    in++;
 	    if (*in == '/')
 		in++;
+	    else
+		out++;
 	}
 	else if ((in[0] == '.') && (in[1] == '.') && ((in[2] == '/') || (in[2] == '\0'))) {
 	    if (out == path) {
@@ -7497,6 +7506,9 @@
 	}
 	else {
 	    do
+	      if ((in[0] == '*') && (in[1] == '*'))
+		in++;
+	      else
 		*out++ = *in++;
 	    while ((*in != '\0') && (*in != '/'));
 	    if (*in == '/')
