From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 6 May 2005 18:43:31 +0000 (+0000)
Subject: MFH: Check ftp user name for control characters.
X-Git-Tag: php-4.4.0RC1~78
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6b582b2c8532b3747f1804b920c74b168dd722df;p=php

MFH: Check ftp user name for control characters.
---

diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 7c1930f92d..b9b600e251 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -246,7 +246,20 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
 	/* send the user name */
 	php_stream_write_string(stream, "USER ");
 	if (resource->user != NULL) {
-		php_raw_url_decode(resource->user, strlen(resource->user));
+		unsigned char *s, *e;
+		int user_len = php_raw_url_decode(resource->user, strlen(resource->user));
+		
+		s = resource->user;
+		e = s + user_len;
+		/* check for control characters that should not be present in the user name */
+		while (s < e) {
+			if (iscntrl(*s)) {
+				php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user);
+				goto connect_errexit;
+			}
+			s++;
+		}
+		
 		php_stream_write_string(stream, resource->user);
 	} else {
 		php_stream_write_string(stream, "anonymous");