From 229c4409448cfa75f1fadf65bac9a37db2727cb4 Mon Sep 17 00:00:00 2001
From: danny
Date: Sun, 26 Nov 2000 23:33:36 +0000
Subject: Prevent leakage of information about anonymous user's homedir via 'QUOTE CWD'.

Reviewed by: des
---
 libexec/ftpd/ftpcmd.y | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'libexec')
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 9e34221..c30acef 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -500,8 +500,12 @@ cmd
 }
 | CWD check_login CRLF
 {
- if ($2)
- cwd(pw->pw_dir);
+ if ($2) {
+ if (guest)
+ cwd("/");
+ else
+ cwd(pw->pw_dir);
+ }
 }
 | CWD check_login SP pathname CRLF
 {
-- 
cgit v1.1
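Review bot: The `if (guest)` test in the bare `CWD` action covers only anonymous sessions, so any other login that the daemon confines to a chroot would still reach `cwd(pw->pw_dir)` with a path that names the real home directory outside the jail. The login code is not in this hunk, so whether such sessions exist is an assumption to check. If they do, the test should key on the chroot state rather than on `guest` alone, so that both cases end up at `cwd("/")`. The branch also needs a short why-comment so it is not later simplified back, for example `/* chrooted session: pw->pw_dir is the pre-chroot path, do not expose it */`. The `cmd` rule this action belongs to begins and ends outside the hunk.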