diff options
author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-04-25 10:58:06 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2002-04-25 10:58:06 +0000 |
commit | 4d1e24e832d95318066f653e8eedfffc40536be4 (patch) | |
tree | 301b4531501faff719746441692163caeec817f0 | |
parent | b7ed49ef73353dab09781f9bd91c26853b57a2ca (diff) |
avoid buffer overrun on PASV from malicious server.
http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
-rw-r--r-- | usr.bin/ftp/ftp.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c index 14c2866b599..24990c955aa 100644 --- a/usr.bin/ftp/ftp.c +++ b/usr.bin/ftp/ftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $ */ +/* $OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $ */ /* $NetBSD: ftp.c,v 1.27 1997/08/18 10:20:23 lukem Exp $ */ /* @@ -67,7 +67,7 @@ #if 0 static char sccsid[] = "@(#)ftp.c 8.6 (Berkeley) 10/27/94"; #else -static char rcsid[] = "$OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $"; +static char rcsid[] = "$OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $"; #endif #endif /* not lint */ @@ -400,9 +400,10 @@ getreply(expecteof) if (dig > 4 && pflag == 1 && isdigit(c)) pflag = 2; if (pflag == 2) { - if (c != '\r' && c != ')') - *pt++ = c; - else { + if (c != '\r' && c != ')') { + if (pt < &pasv[sizeof(pasv) - 1]) + *pt++ = c; + } else { *pt = '\0'; pflag = 3; } |