]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8351ab4) | patch
ftp: reject illegal IP/port in PASV 227 response
authorDaniel Stenberg <daniel@haxx.se>
Thu, 19 Oct 2017 12:41:14 +0000 (14:41 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 20 Oct 2017 13:06:25 +0000 (15:06 +0200)
commit769647e714b8da41bdb72720bf02dce56033e02e
tree3d82a374ee3f68721515637042a5bd01b4ebbbdbtree | snapshot
parent8351ab45105c3e58c38205c045477198ff887829commit | diff
ftp: reject illegal IP/port in PASV 227 response

... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
lib/ftp.c diff | blob | history
tests/data/test237 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.