Re: [PHP-CVS] cvs: php4 /ext/ftp ftp.c ftp.h php_ftp.c php_ftp.h

Sun, 26 Jan 2003 21:16:40 -0800

This is a wonderful opportunity for a buffer overflow attack. There's a reason zend_parse_parameters() in PHP_FUNCTION(ftp_chmod) forces you to retrieve filename_len.
Please fix it.
Thanks,
Andi

At 02:54 AM 1/27/2003 +0000, Sara Golemon wrote:
+ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename)
+{
+       char buffer[1024];
+
+       if (ftp == NULL) {
+               return 0;
+       }
+
+       sprintf(buffer, "CHMOD %o %s", mode, filename);


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
























					Reply via email to