From 919470cf7d44b541c704c209ee7db09bc6b3b6d7 Mon Sep 17 00:00:00 2001
From: yar
Date: Wed, 31 Jul 2002 10:55:31 +0000
Subject: Deny the SIZE command on large files when in ASCII mode. This eliminates an opportunity for DoS attack.
Pointed out by: maxim
Inspired by: lukemftpd, OpenBSD
MFC after: 2 weeks
---
 libexec/ftpd/ftpcmd.y | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'libexec/ftpd/ftpcmd.y')
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 2ddbf75..d7ffc73 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -1068,6 +1068,8 @@ check_login_ro
 #define MAXGLOBARGS 1000
+#define MAXASIZE 10240 /* Deny ASCII SIZE on files larger than that */
+
 struct tab {
 char *name;
 short token;
@@ -1589,6 +1591,10 @@ sizecmd(char *filename)
 reply(550, "%s: not a plain file.", filename);
 (void) fclose(fin);
 return;
+ } else if (stbuf.st_size > MAXASIZE) {
+ reply(550, "%s: too large for type A SIZE.", filename);
+ (void) fclose(fin);
+ return;
 }
 count = 0;
--
cgit v1.1
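Review bot: The comment on `MAXASIZE` gives neither the unit nor the reason for the cap, and "larger than that" only makes sense once the reader has found the comparison against `stbuf.st_size` in `sizecmd()` in the second hunk. I would spell it out, e.g. `#define MAXASIZE 10240 /* max file size in bytes for SIZE in type A; larger files get a 550 reply */`. The value is a compile-time constant with no runtime override visible in this patch, so it is worth saying next to the define that changing the limit means rebuilding ftpd.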
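Review bot: The new `else if (stbuf.st_size > MAXASIZE)` branch has no comment saying why a size check belongs in the type A path, and it repeats the `(void) fclose(fin); return;` cleanup of the branch above it. A one-line comment such as `/* type A SIZE has to scan the file to count converted bytes; refuse large files to bound the work per request */` would record the intent; the scan itself is presumably the code after `count = 0;`, which lies outside the hunk, as does the start of `sizecmd()`. The cap bounds a single request only, so sustained load from repeated SIZE commands still depends on whatever connection or rate limits the server applies elsewhere.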