From bc1f7356d70aae99bd909a98b80128d71cef35a2 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Sat, 24 Mar 2007 16:25:42 +0000
Subject: [PATCH] Fixed CRLF injection inside ftp_putcmd(). # Reported on BugTraq by loveshell[at]Bug.Center.Team
---
 ext/ftp/ftp.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 666f23c582..b6fd56bdb0 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -1096,12 +1096,18 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cmd, const char *args)
 int size;
 char *data;

+ if (strpbrk(cmd, "\r\n")) {
+ return 0;
+ }
 /* build the output buffer */
 if (args && args[0]) {
 /* "cmd args\r\n\0" */
 if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
 return 0;
 }
+ if (strpbrk(args, "\r\n")) {
+ return 0;
+ }
 size = slprintf(ftp->outbuf, sizeof(ftp->outbuf), "%s %s\r\n", cmd, args);
 } else {
 /* "cmd\r\n\0" */
--
2.50.1
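Review bot: The two new `strpbrk` guards carry no comment saying why CR and LF are refused, and the `args` guard sits inside the `if (args && args[0])` branch after the length check, where a later edit to that branch could drop it. A single guard at the top of the function, `if (strpbrk(cmd, "\r\n") || (args && strpbrk(args, "\r\n"))) { return 0; }`, preceded by `/* the control channel is line-delimited: a CR or LF in cmd or args would end this command and begin another */`, keeps the validation in one place. Both rejections return the same 0 as the FTP_BUFSIZE check, so a caller cannot tell a refused argument from an oversized one; whether callers should surface a warning for this case is not visible from the hunk. The body of ftp_putcmd starts before and continues past the hunk.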