Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
authorAnatol Belski <ab@php.net>
Tue, 16 Aug 2016 11:08:24 +0000 (13:08 +0200)
committerAnatol Belski <ab@php.net>
Tue, 16 Aug 2016 11:08:24 +0000 (13:08 +0200)
(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103)

Conflicts:
ext/standard/ftp_fopen_wrapper.c

ext/standard/ftp_fopen_wrapper.c

index 10dcdb8006a6e18f74067f1f98ee85fcb91f4e64..a28b6c14b17c9a363408f5f0777ebdb9a50735b0 100644 (file)
@@ -187,7 +187,8 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
                        /* get the response */
                        result = GET_FTP_RESULT(stream);
                        if (result != 334) {
-                               use_ssl = 0;
+                               php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS.");
+                               goto connect_errexit;
                        } else {
                                /* we must reuse the old SSL session id */
                                /* if we talk to an old ftpd-ssl */
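Review bot: The new fail-closed branch under `if (result != 334)` carries no comment explaining why the connection is aborted instead of continuing in cleartext, so a later cleanup could quietly reinstate the old `use_ssl = 0` fallback. I would add `/* ftps:// was requested: never continue in plaintext when AUTH is refused, the reply arrives unauthenticated */` above the log call. The message could also include the reply code, e.g. `"Server doesn't support FTPS (AUTH reply %d).", result`, so logs help distinguish a legacy server from on-path tampering. The enclosing function starts and continues outside the hunk, so it cannot be confirmed from here that `connect_errexit` closes the control stream, or that a failed TLS setup after a 334 reply also aborts rather than proceeding unencrypted.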
@@ -707,7 +708,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
        if (result > 299 || result < 200)
                goto opendir_errexit;
 
-       // tmp_line isn't relevant after the php_fopen_do_pasv().  
+       // tmp_line isn't relevant after the php_fopen_do_pasv().
        tmp_line[0] = '\0';
 
        /* set up the passive connection */
@@ -735,7 +736,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
                php_stream_wrapper_log_error(wrapper, options, "Unable to activate SSL mode");
                php_stream_close(datastream);
                datastream = NULL;
-               goto opendir_errexit;   
+               goto opendir_errexit;
        }