iliaa Sat Mar 24 16:25:42 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/ftp ftp.c
Log:
Fixed CRLF injection inside ftp_putcmd().
# Reported on BugTraq by loveshell[at]Bug.Center.Team
http://cvs.php.net/viewvc.cgi/php-src/ext/ftp/ftp.c?r1=1.112.2.4.2.7&r2=1.112.2.4.2.8&diff_format=u
Index: php-src/ext/ftp/ftp.c
diff -u php-src/ext/ftp/ftp.c:1.112.2.4.2.7 php-src/ext/ftp/ftp.c:1.112.2.4.2.8
--- php-src/ext/ftp/ftp.c:1.112.2.4.2.7 Tue Feb 27 03:28:16 2007
+++ php-src/ext/ftp/ftp.c Sat Mar 24 16:25:42 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: ftp.c,v 1.112.2.4.2.7 2007/02/27 03:28:16 iliaa Exp $ */
+/* $Id: ftp.c,v 1.112.2.4.2.8 2007/03/24 16:25:42 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -1096,12 +1096,18 @@
int size;
char *data;
+ if (strpbrk(cmd, "\r\n")) {
+ return 0;
+ }
/* build the output buffer */
if (args && args[0]) {
/* "cmd args\r\n\0" */
if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
return 0;
}
+ if (strpbrk(args, "\r\n")) {
+ return 0;
+ }
size = slprintf(ftp->outbuf, sizeof(ftp->outbuf), "%s %s\r\n",
cmd, args);
} else {
/* "cmd\r\n\0" */
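Review bot: The two new CR/LF checks are split across scopes — the `cmd` check sits above the buffer build while the `args` check is nested inside the `if (args && args[0])` branch — and both reject with a bare `return 0;` and no explanatory comment, so the invariant they enforce is easy to lose on a later edit. I would fold them into one guard before the buffer is built, `if (strpbrk(cmd, "\r\n") || (args && strpbrk(args, "\r\n"))) {` `return 0;` `}`, with a why-comment such as `/* CR or LF would terminate the command line early and let the remainder be parsed as a second command */`. The merged form still only dereferences `args` when it is non-NULL, matching the existing length check. ftp_putcmd's signature and the remainder of its body are outside the hunk, so whether callers or the function itself report the rejection cannot be seen here.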