summaryrefslogtreecommitdiff
path: root/libexec/ftpd/ftpcmd.y
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1997-12-18 11:46:09 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1997-12-18 11:46:09 +0000
commitda8717db0ff29cff89d1aca1d99caddf493925c7 (patch)
tree03c8dd5a523e4354f04961e177212c36394a10ce /libexec/ftpd/ftpcmd.y
parent0dceac64d9b19e6df87e8863c31be9c59aaf63ba (diff)
Be so specific about the exact details of a PORT command error, that we
strike fear into the hearts of attackers (naw, I bet not...)
Diffstat (limited to 'libexec/ftpd/ftpcmd.y')
-rw-r--r--libexec/ftpd/ftpcmd.y17
1 files changed, 13 insertions, 4 deletions
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index b41fddfa71a..be802a883ec 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -161,13 +161,22 @@ cmd
| PORT check_login SP host_port CRLF
{
if ($2) {
- if ($4 || (portcheck && (ntohs(data_dest.sin_port) <
- IPPORT_RESERVED ||
+ if ($4) {
+ usedefault = 1;
+ reply(500,
+ "Illegal PORT rejected (range errors).");
+ } else if (portcheck &&
+ ntohs(data_dest.sin_port) < IPPORT_RESERVED) {
+ usedefault = 1;
+ reply(500,
+ "Illegal PORT rejected (reserved port).");
+ } else if (portcheck &&
memcmp(&data_dest.sin_addr,
&his_addr.sin_addr,
- sizeof data_dest.sin_addr)))) {
+ sizeof data_dest.sin_addr)) {
usedefault = 1;
- reply(500, "Illegal PORT rejected.");
+ reply(500,
+ "Illegal PORT rejected (address wrong).");
} else {
usedefault = 0;
if (pdata >= 0) {