Source-Changes archive


Re: CVS commit: basesrc/usr.bin/ftp



Jun-ichiro itojun Hagino <itojun%netbsd.org@localhost> writes:

> Module Name:  basesrc
> Committed By: itojun
> Date:         Thu Apr 25 10:55:44 UTC 2002
> 
> Modified Files:
>       basesrc/usr.bin/ftp: ftp.c
> 
> Log Message:
> avoid buffer overrun on PASV from malicious server.
> http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
> 
> 
> To generate a diff of this commit:
> cvs rdiff -r1.117 -r1.118 basesrc/usr.bin/ftp/ftp.c

After reading this diff, I'm curious about some points:

- Do we want to use pasv[] when truncation occurred?

- When the server sends neither '\r' nor ')', NUL termination depends on
  bss initialization of pasv[], doesn't it?  So, it works only once.
  I'm not sure if this is guaranteed.

- The relationship with continuation lines is unclear.  When the server does
  the same thing as above, the next line will be copied.

enami.
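
The first two points in the message above (use of a truncated buffer, and NUL termination when the server sends neither '\r' nor ')'), as an added example that is not part of the original message and is not the ftp.c code. The helper name `copy_pasv_reply` and the 16-byte buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from ftp.c): copy the address part of a PASV
 * reply into dst, stopping at '\r', ')' or the end of the input.
 * Returns 0 on success, -1 if the text does not fit in dst.
 */
int copy_pasv_reply(char *dst, size_t dstlen, const char *reply)
{
    size_t n;

    if (dst == NULL || dstlen == 0 || reply == NULL)
        return -1;

    /* strcspn also stops at the input's NUL, so a missing '\r' or ')'
     * cannot make the scan run past the end of the reply. */
    n = strcspn(reply, "\r)");

    if (n >= dstlen) {
        /* Truncation: empty the buffer and fail, so the caller can never
         * parse a shortened address as if it were the full one. */
        dst[0] = '\0';
        return -1;
    }

    memcpy(dst, reply, n);
    /* Terminate explicitly on every call; correctness must not depend on
     * the buffer being zero-filled (bss) from a previous or first use. */
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char pasv[16];

    /* Constructed inputs; the buffer is pre-filled to mimic reuse. */
    memset(pasv, 'X', sizeof(pasv));
    printf("%d \"%s\"\n", copy_pasv_reply(pasv, sizeof(pasv), "10,0,0,1,4,1"), pasv);
    printf("%d \"%s\"\n", copy_pasv_reply(pasv, sizeof(pasv),
        "111,222,333,444,555,666,777)"), pasv);
    return 0;
}
```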


