author | cperciva <cperciva@FreeBSD.org> | 2008-12-23 01:23:09 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2008-12-23 01:23:09 +0000 |
commit | 87e5b5b6cc6762da9f114d35ecf216749cf3326a (patch) | |
tree | 38d46da5645345474a0905217752c15634071e36 /libexec/ftpd/ftpd.c | |
parent | bf71acb2ec827da5df24049a3bc2e0e5aaac04c9 (diff) | |
Prevent cross-site forgery attacks on ftpd(8) due to splitting
long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch
code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
Diffstat (limited to 'libexec/ftpd/ftpd.c')
-rw-r--r-- | libexec/ftpd/ftpd.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index 5095f20..59dc71c 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -2794,15 +2794,20 @@ static int myoob(void) { char *cp; + int ret; if (!transflag) { syslog(LOG_ERR, "Internal: myoob() while no transfer"); return (0); } cp = tmpline; - if (getline(cp, 7, stdin) == NULL) { + ret = getline(cp, 7, stdin); + if (ret == -1) { reply(221, "You could at least say goodbye."); dologout(0); + } else if (ret == -2) { + /* Ignore truncated command. */ + return (0); } upper(cp); if (strcmp(cp, "ABOR\r\n") == 0) { |
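Review bot: In myoob(), the new branches `if (ret == -1)` and `else if (ret == -2)` test bare literals, so the return contract of getline() (which value means EOF or error, which means a truncated line) cannot be read from the call site. Suggest named constants shared with getline()'s definition, or at least a comment on the -1 branch to match the "Ignore truncated command." comment on the -2 branch. Only those two values are handled: any other negative return falls through to `upper(cp)` and the `strcmp(cp, "ABOR\r\n")` comparison on whatever tmpline holds, so a final catch-all for `ret < 0` would be safer. The truncated case also returns 0 without a syslog() call; since the commit message ties truncation to the command-splitting attack, a log line there would give operators something to detect on.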