authoryar <yar@FreeBSD.org>2002-07-31 10:55:31 +0000
committeryar <yar@FreeBSD.org>2002-07-31 10:55:31 +0000
commit919470cf7d44b541c704c209ee7db09bc6b3b6d7 (patch)
tree43c6579306afeeb06db9f56163775a4c58c1d242 /libexec/ftpd/ftpcmd.y
parentd4e8ab46e4adf0199c3f8ba9ecdeb341a4fe2097 (diff)
Deny the SIZE command on large files when in ASCII mode.
This eliminates an opportunity for a DoS attack.

Pointed out by: maxim
Inspired by: lukemftpd, OpenBSD
MFC after: 2 weeks
Diffstat (limited to 'libexec/ftpd/ftpcmd.y')
-rw-r--r--libexec/ftpd/ftpcmd.y6
1 files changed, 6 insertions, 0 deletions
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 2ddbf75..d7ffc73 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -1068,6 +1068,8 @@ check_login_ro
#define MAXGLOBARGS 1000
+#define MAXASIZE 10240 /* Deny ASCII SIZE on files larger than that */
+
struct tab {
char *name;
short token;
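Review bot: The comment on `MAXASIZE` gives neither the unit nor the reason for the limit, so a later maintainer cannot tell what raising it would cost. Judging from the commit message, the limit exists because an ASCII-mode SIZE has to process the file contents, which makes it a bound on per-command work; the comment should say so, for example `#define MAXASIZE 10240 /* bytes; caps the per-command work of SIZE in type A */`. The value is also fixed at compile time, which is worth stating if sites are not expected to tune it.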
@@ -1589,6 +1591,10 @@ sizecmd(char *filename)
reply(550, "%s: not a plain file.", filename);
(void) fclose(fin);
return;
+ } else if (stbuf.st_size > MAXASIZE) {
+ reply(550, "%s: too large for type A SIZE.", filename);
+ (void) fclose(fin);
+ return;
}
count = 0;
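Review bot: The new `stbuf.st_size > MAXASIZE` test bounds the work only as of the moment `stbuf` was filled, which happens outside this hunk. The pass that presumably begins at `count = 0;` can therefore still exceed the limit if the file grows after the check. It is worth confirming that `stbuf` comes from `fstat()` on `fin` rather than from a lookup by name, and recording the assumption beside the check, e.g. `/* st_size is a snapshot; the read loop below is not itself capped at MAXASIZE */`. If that loop can carry its own byte counter compared against `MAXASIZE`, the limit would hold regardless of the snapshot. The body of `sizecmd` starts and ends outside the hunk, so the loop itself is not visible here.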