Better handling of some boundary conditions.

Submitted by:	ume

2 files changed, 9 insertions, 4 deletions

diff --git a/lib/libfetch/ftp.c b/lib/libfetch/ftp.c
index fab45f5..9eb052d 100644
--- a/lib/libfetch/ftp.c
+++ b/lib/libfetch/ftp.c
@@ -100,7 +100,8 @@ static size_t lr_size, lr_length;
 static int last_code;
 
 #define isftpreply(foo) (isdigit(foo[0]) && isdigit(foo[1]) \
-			 && isdigit(foo[2]) && foo[3] == ' ')
+			 && isdigit(foo[2]) \
+                         && (foo[3] == ' ' || foo[3] == '\0'))
 #define isftpinfo(foo) (isdigit(foo[0]) && isdigit(foo[1]) \
 			&& isdigit(foo[2]) && foo[3] == '-')
 
@@ -238,11 +239,13 @@ _ftp_transfer(int cd, char *oper, char *file,
          * is IMHO the one and only weak point in the FTP protocol.
 	 */
 	ln = last_reply;
-	for (p = ln + 3; !isdigit(*p); p++)
+	for (p = ln + 3; *p && !isdigit(*p); p++)
 	    /* nothing */ ;
-	for (p--, i = 0; i < 6; i++) {
-	    p++; /* skip the comma */
+	for (i = 0; *p, i < 6; i++, p++)
 	    addr[i] = strtol(p, &p, 10);
+	if (i < 6) {
+	    e = 999;
+	    goto ouch;
 	}
 
 	/* seek to required offset */
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index a395881..a61ef9a 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -135,6 +135,8 @@ _http_fillbuf(struct cookie *c)
     } else if (c->encoding == ENC_CHUNKED) {
 	if (c->chunksize == 0) {
 	    ln = fgetln(c->real_f, &len);
+	    if (len <= 2)
+		return NULL;
 	    DEBUG(fprintf(stderr, "\033[1m_http_fillbuf(): new chunk: "
 			  "%*.*s\033[m\n", (int)len-2, (int)len-2, ln));
 	    sscanf(ln, "%x", &(c->chunksize));