author | Daniel Stenberg <daniel@haxx.se> | 2013-01-15 22:35:48 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-01-15 22:35:48 +0100 |
commit | 533c31b78550603017f895180f301b760471c762 (patch) | |
tree | 780e5953b249ebabaf3cac2f1be3e47587000c53 | |
parent | 7ab3ae0bf0666cc3766ddc5b9f4536d7e1f22565 (diff) |
FTP: reject illegal port numbers in EPSV 229 responses
-rw-r--r-- | lib/ftp.c | 6 | ||||
-rw-r--r-- | tests/data/test238 | 13 |
2 files changed, 9 insertions, 10 deletions
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
 break;
 }
 }
+ if(num > 0xffff) {
+ failf(data, "Illegal port number in EPSV reply");
+ return CURLE_FTP_WEIRD_PASV_REPLY;
+ }
 if(ptr) {
 newport = (unsigned short)(num & 0xffff);
diff --git a/tests/data/test238 b/tests/data/test238
index 56f21ebf8..ea54509a1 100644
--- a/tests/data/test238
+++ b/tests/data/test238
@@ -9,7 +9,6 @@ FTP
 <reply>
 <servercmd>
 REPLY EPSV 229 Entering Passiv Mode (|||1000000|)
-REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
 </servercmd>
 </reply>
@@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
 ftp
 </server>
 <name>
-FTP getting bad port in response to EPSV and in response to PASV
+FTP getting bad port in response to EPSV
 </name>
 <command>
 ftp://%HOSTIP:%FTPPORT/238
@@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238
 # Verify data after the test has been "shot"
 <verify>
-# curl: (15) Can't resolve new host 1216.256.2.127:32639
-# 15 => CURLE_FTP_CANT_GET_HOST
-# some systems just don't fail on the illegal host name/address but instead
-# moves on and attempt to connect to... yes, to what?
-# 7= CURLE_COULDNT_CONNECT
+# 13 = CURLE_FTP_WEIRD_PASV_REPLY
 <errorcode>
-7, 15
+13
 </errorcode>
 <protocol>
 USER anonymous
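Review bot: The new guard in ftp_state_pasv_resp (lib/ftp.c) bounds `num` only from above, so a 229 reply carrying port 0 still passes and is stored in `newport`; `if(num == 0 || num > 0xffff) {` would reject that server-supplied value as well. The check is also only as strong as the conversion that produced `num`, which lies outside this hunk: if it is a scanf-style `%u` conversion, a digit string beyond the type's range is not reliably reported and could wrap to a value that passes, so that is worth confirming. With the guard in place the `& 0xffff` mask on the following line no longer changes anything, and `newport = (unsigned short)num;` states the same thing. The function starts and ends outside the hunk.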
PASS ftp@example.com
PWD
EPSV
-PASV
+QUIT
</protocol>
</verify>
</testcase> |
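Review bot: The 227 half of this test is dropped without a replacement: the `REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)` server reply (removed in the first test238 hunk) and its `7, 15` expectation are gone, while the lib/ftp.c hunk in this commit adds a range check only for the 229 port. Unless another test covers a 227 reply with out-of-range octets, that malformed-address case is no longer exercised, and a separate test case carrying the removed reply would keep it pinned. The `<verify>` comment could also say why `QUIT` now follows `EPSV` directly, for example `# the illegal EPSV port ends the transfer; no PASV fallback is attempted`.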