Subject: Re: CVS commit: basesrc/usr.bin/ftp
To: None <,>
From: enami tsugutomo <>
List: source-changes
Date: 04/26/2002 10:03:29
Jun-ichiro itojun Hagino <> writes:

> Module Name:	basesrc
> Committed By:	itojun
> Date:		Thu Apr 25 10:55:44 UTC 2002
> Modified Files:
> 	basesrc/usr.bin/ftp: ftp.c
> Log Message:
> avoid buffer overrun on PASV from malicious server.
> To generate a diff of this commit:
> cvs rdiff -r1.117 -r1.118 basesrc/usr.bin/ftp/ftp.c

After reading this diff, I'm curious about some points:

- Do we want to use pasv[] when truncation occured?

- When server doesn't send '\r' nor ')', NUL termination depends on
  bss initialization of pasv[], doesn't it?  So, it works only once.
  I'm not sure if this is guaranteed.

- The relationship with continuation line is unclear.  When server did
  same thing above, next line will be copied.