source-changes: Re: CVS commit: basesrc/usr.bin/ftp

Subject: Re: CVS commit: basesrc/usr.bin/ftp
To: None <itojun@netbsd.org, lukem@netbsd.org>
From: enami tsugutomo <enami@sm.sony.co.jp>
List: source-changes
Date: 04/26/2002 10:03:29

Jun-ichiro itojun Hagino <itojun@netbsd.org> writes:

> Module Name:	basesrc
> Committed By:	itojun
> Date:		Thu Apr 25 10:55:44 UTC 2002
> 
> Modified Files:
> 	basesrc/usr.bin/ftp: ftp.c
> 
> Log Message:
> avoid buffer overrun on PASV from malicious server.
> http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
> 
> 
> To generate a diff of this commit:
> cvs rdiff -r1.117 -r1.118 basesrc/usr.bin/ftp/ftp.c

After reading this diff, I'm curious about some points:

- Do we want to use pasv[] when truncation occured?

- When server doesn't send '\r' nor ')', NUL termination depends on
  bss initialization of pasv[], doesn't it?  So, it works only once.
  I'm not sure if this is guaranteed.

- The relationship with continuation line is unclear.  When server did
  same thing above, next line will be copied.

enami.