From 37f46251fbc1e9c6866debd4fbaa9f469f897aae Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 6 May 2005 18:42:52 +0000
Subject: [PATCH] Check ftp user name for control characters.

---
 ext/standard/ftp_fopen_wrapper.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 8572324f39..4bb21f7b82 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -208,7 +208,20 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, char *path
 	/* send the user name */
 	php_stream_write_string(stream, "USER ");
 	if (resource->user != NULL) {
-		php_raw_url_decode(resource->user, strlen(resource->user));
+		unsigned char *s, *e;
+		int user_len = php_raw_url_decode(resource->user, strlen(resource->user));
+		
+		s = resource->user;
+		e = s + user_len;
+		/* check for control characters that should not be present in the user name */
+		while (s < e) {
+			if (iscntrl(*s)) {
+				php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user);
+				goto connect_errexit;
+			}
+			s++;
+		}
+		
 		php_stream_write_string(stream, resource->user);
 	} else {
 		php_stream_write_string(stream, "anonymous");
-- 
2.50.1