diff options
| author |   itojun <itojun@openbsd.org> | 2002-04-25 10:58:05 +0000 |
|---|---|---|
| committer | itojun <itojun@openbsd.org> | 2002-04-25 10:58:05 +0000 |
| commit | d767cd0b1b5f88a69aa62a8870600def4434170c (patch) | |
| tree | a8e19e3a2043d13a7280ced4ae51b869c409d858 | |
| parent | no need for __alignment__, it was paste error. from fgs/deraadt (diff) | |
| download | wireguard-openbsd-d767cd0b1b5f88a69aa62a8870600def4434170c.tar.xz wireguard-openbsd-d767cd0b1b5f88a69aa62a8870600def4434170c.zip | |
avoid buffer overrun on PASV from malicious server.
http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
| -rw-r--r-- | usr.bin/ftp/ftp.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c index 14c2866b599..24990c955aa 100644 --- a/usr.bin/ftp/ftp.c +++ b/usr.bin/ftp/ftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $ */ +/* $OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $ */ /* $NetBSD: ftp.c,v 1.27 1997/08/18 10:20:23 lukem Exp $ */ /* @@ -67,7 +67,7 @@ #if 0 static char sccsid[] = "@(#)ftp.c 8.6 (Berkeley) 10/27/94"; #else -static char rcsid[] = "$OpenBSD: ftp.c,v 1.43 2002/02/19 19:39:38 millert Exp $"; +static char rcsid[] = "$OpenBSD: ftp.c,v 1.44 2002/04/25 10:58:05 itojun Exp $"; #endif #endif /* not lint */ @@ -400,9 +400,10 @@ getreply(expecteof) if (dig > 4 && pflag == 1 && isdigit(c)) pflag = 2; if (pflag == 2) { - if (c != '\r' && c != ')') - *pt++ = c; - else { + if (c != '\r' && c != ')') { + if (pt < &pasv[sizeof(pasv) - 1]) + *pt++ = c; + } else { *pt = '\0'; pflag = 3; } |