aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2013-01-15 22:35:48 +0100
committerDaniel Stenberg <daniel@haxx.se>2013-01-15 22:35:48 +0100
commit533c31b78550603017f895180f301b760471c762 (patch)
tree780e5953b249ebabaf3cac2f1be3e47587000c53
parent7ab3ae0bf0666cc3766ddc5b9f4536d7e1f22565 (diff)
FTP: reject illegal port numbers in EPSV 229 responses
-rw-r--r--lib/ftp.c6
-rw-r--r--tests/data/test23813
2 files changed, 9 insertions, 10 deletions
diff --git a/lib/ftp.c b/lib/ftp.c
index 29b9743ec..352f12f44 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
break;
}
}
+ if(num > 0xffff) {
+ failf(data, "Illegal port number in EPSV reply");
+ return CURLE_FTP_WEIRD_PASV_REPLY;
+ }
if(ptr) {
newport = (unsigned short)(num & 0xffff);
diff --git a/tests/data/test238 b/tests/data/test238
index 56f21ebf8..ea54509a1 100644
--- a/tests/data/test238
+++ b/tests/data/test238
@@ -9,7 +9,6 @@ FTP
<reply>
<servercmd>
REPLY EPSV 229 Entering Passiv Mode (|||1000000|)
-REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
</servercmd>
</reply>
@@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
ftp
</server>
<name>
-FTP getting bad port in response to EPSV and in response to PASV
+FTP getting bad port in response to EPSV
</name>
<command>
ftp://%HOSTIP:%FTPPORT/238
@@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238
# Verify data after the test has been "shot"
<verify>
-# curl: (15) Can't resolve new host 1216.256.2.127:32639
-# 15 => CURLE_FTP_CANT_GET_HOST
-# some systems just don't fail on the illegal host name/address but instead
-# moves on and attempt to connect to... yes, to what?
-# 7= CURLE_COULDNT_CONNECT
+# 13 = CURLE_FTP_WEIRD_PASV_REPLY
<errorcode>
-7, 15
+13
</errorcode>
<protocol>
USER anonymous
PASS ftp@example.com
PWD
EPSV
-PASV
+QUIT
</protocol>
</verify>
</testcase>