Fixed CRLF injection inside ftp_putcmd().
authorIlia Alshanetsky <iliaa@php.net>
Sat, 24 Mar 2007 16:25:42 +0000 (16:25 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sat, 24 Mar 2007 16:25:42 +0000 (16:25 +0000)
# Reported on BugTraq by loveshell[at]Bug.Center.Team

ext/ftp/ftp.c

index 666f23c582258054bdea5ae5f2d7f9a4788abbd2..b6fd56bdb0253399a22b439c9d7641ec1cea5659 100644 (file)
@@ -1096,12 +1096,18 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cmd, const char *args)
        int             size;
        char            *data;
 
+       if (strpbrk(cmd, "\r\n")) {
+               return 0;
+       } 
        /* build the output buffer */
        if (args && args[0]) {
                /* "cmd args\r\n\0" */
                if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
                        return 0;
                }
+               if (strpbrk(args, "\r\n")) {
+                       return 0;
+               }
                size = slprintf(ftp->outbuf, sizeof(ftp->outbuf), "%s %s\r\n", cmd, args);
        } else {
                /* "cmd\r\n\0" */
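Review bot: The two new `strpbrk` guards return 0 exactly like the existing `FTP_BUFSIZE` length check, with no comment and, as far as the hunk shows, no diagnostic, so a rejected CR/LF injection attempt looks the same to callers and logs as an oversized command. I would put a comment above the first guard, such as `/* reject CR/LF: a line break in cmd or args would end this command and start a second one on the control connection */`, and consider emitting a warning on that path so the rejection is visible to operators. The `cmd` guard also leaves trailing whitespace after its closing brace. `ftp_putcmd` begins and ends outside this hunk, so whether its callers already report the failure cannot be seen here.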