summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-04-25 10:58:06 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2002-04-25 10:58:06 +0000
commit4d1e24e832d95318066f653e8eedfffc40536be4 (patch)
tree301b4531501faff719746441692163caeec817f0
parentb7ed49ef73353dab09781f9bd91c26853b57a2ca (diff)
avoid buffer overrun on PASV from malicious server.
http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
-rw-r--r--usr.bin/ftp/ftp.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c
index 14c2866b599..24990c955aa 100644
--- a/usr.bin/ftp/ftp.c
+++ b/usr.bin/ftp/ftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $ */
+/* $OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $ */
/* $NetBSD: ftp.c,v 1.27 1997/08/18 10:20:23 lukem Exp $ */
/*
@@ -67,7 +67,7 @@
#if 0
static char sccsid[] = "@(#)ftp.c 8.6 (Berkeley) 10/27/94";
#else
-static char rcsid[] = "$OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $";
+static char rcsid[] = "$OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $";
#endif
#endif /* not lint */
@@ -400,9 +400,10 @@ getreply(expecteof)
if (dig > 4 && pflag == 1 && isdigit(c))
pflag = 2;
if (pflag == 2) {
- if (c != '\r' && c != ')')
- *pt++ = c;
- else {
+ if (c != '\r' && c != ')') {
+ if (pt < &pasv[sizeof(pasv) - 1])
+ *pt++ = c;
+ } else {
*pt = '\0';
pflag = 3;
}