else if((ftpc->count1 == 1) &&
(ftpcode == 227)) {
/* positive PASV response */
- int ip[4];
- int port[2];
+ unsigned int ip[4];
+ unsigned int port[2];
/*
* Scan for a sequence of six comma-separated numbers and use them as
* "227 Entering passive mode. 127,0,0,1,4,51"
*/
while(*str) {
- if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d",
+ if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u",
&ip[0], &ip[1], &ip[2], &ip[3],
&port[0], &port[1]))
break;
str++;
}
- if(!*str) {
+ if(!*str || (ip[0] > 255) || (ip[1] > 255) || (ip[2] > 255) ||
+ (ip[3] > 255) || (port[0] > 255) || (port[1] > 255) ) {
failf(data, "Couldn't interpret the 227-response");
return CURLE_FTP_WEIRD_227_FORMAT;
}
# certain hosts with buggy resolver code, the resulting address (192.0.2.127)
# is from an address block that is guaranteed never to be assigned (RFC3330).
<verify>
-# curl: (15) Can't resolve new host 1216.256.2.127:32639
-# 15 => CURLE_FTP_CANT_GET_HOST
-# some systems just don't fail on the illegal host name/address but instead
-# moves on and attempt to connect to... yes, to what?
-# 7= CURLE_COULDNT_CONNECT
+# 14 = CURLE_FTP_WEIRD_227_FORMAT
<errorcode>
-15, 7
+14
</errorcode>
<protocol>
USER anonymous\r
projects / curl / commitdiff