authorcperciva <cperciva@FreeBSD.org>2008-12-23 01:23:09 +0000
committercperciva <cperciva@FreeBSD.org>2008-12-23 01:23:09 +0000
commit87e5b5b6cc6762da9f114d35ecf216749cf3326a (patch)
tree38d46da5645345474a0905217752c15634071e36 /libexec/ftpd/ftpd.c
parentbf71acb2ec827da5df24049a3bc2e0e5aaac04c9 (diff)
Prevent cross-site forgery attacks on ftpd(8) due to splitting
long commands into multiple requests. [08:12] Avoid calling uninitialized function pointers in protocol switch code. [08:13] Merry Christmas everybody... Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
Diffstat (limited to 'libexec/ftpd/ftpd.c')
-rw-r--r--libexec/ftpd/ftpd.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 5095f20..59dc71c 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -2794,15 +2794,20 @@ static int
myoob(void)
{
char *cp;
+ int ret;
if (!transflag) {
syslog(LOG_ERR, "Internal: myoob() while no transfer");
return (0);
}
cp = tmpline;
- if (getline(cp, 7, stdin) == NULL) {
+ ret = getline(cp, 7, stdin);
+ if (ret == -1) {
reply(221, "You could at least say goodbye.");
dologout(0);
+ } else if (ret == -2) {
+ /* Ignore truncated command. */
+ return (0);
}
upper(cp);
if (strcmp(cp, "ABOR\r\n") == 0) {
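Review bot: The `ret == -2` branch returns with only `/* Ignore truncated command. */`, which does not state the invariant the fix rests on: that getline() has already consumed the remainder of the over-long line, so no tail stays in stdin to be read later as a separate command. getline() is not part of this hunk, so that should be confirmed against its definition and then written down, e.g. `/* Truncated: getline() has discarded the rest of the line, so nothing is left to be parsed as a new command. */`. The bare `-1` and `-2` would also read better as named constants shared with getline(), and the dropped command leaves no syslog() record, which an operator investigating such requests would probably want. myoob() continues past the end of the hunk.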