1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

FTP: reject illegal port numbers in EPSV 229 responses

This commit is contained in:
Daniel Stenberg 2013-01-15 22:35:48 +01:00
parent 7ab3ae0bf0
commit 533c31b785
2 changed files with 9 additions and 10 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
break; break;
} }
} }
if(num > 0xffff) {
failf(data, "Illegal port number in EPSV reply");
return CURLE_FTP_WEIRD_PASV_REPLY;
}
if(ptr) { if(ptr) {
newport = (unsigned short)(num & 0xffff); newport = (unsigned short)(num & 0xffff);

View File

@ -9,7 +9,6 @@ FTP
<reply> <reply>
<servercmd> <servercmd>
REPLY EPSV 229 Entering Passiv Mode (|||1000000|) REPLY EPSV 229 Entering Passiv Mode (|||1000000|)
REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
</servercmd> </servercmd>
</reply> </reply>
@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
ftp ftp
</server> </server>
<name> <name>
FTP getting bad port in response to EPSV and in response to PASV FTP getting bad port in response to EPSV
</name> </name>
<command> <command>
ftp://%HOSTIP:%FTPPORT/238 ftp://%HOSTIP:%FTPPORT/238
@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238
# Verify data after the test has been "shot" # Verify data after the test has been "shot"
<verify> <verify>
# curl: (15) Can't resolve new host 1216.256.2.127:32639 # 13 = CURLE_FTP_WEIRD_PASV_REPLY
# 15 => CURLE_FTP_CANT_GET_HOST
# some systems just don't fail on the illegal host name/address but instead
# moves on and attempt to connect to... yes, to what?
# 7= CURLE_COULDNT_CONNECT
<errorcode> <errorcode>
7, 15 13
</errorcode> </errorcode>
<protocol> <protocol>
USER anonymous USER anonymous
PASS ftp@example.com PASS ftp@example.com
PWD PWD
EPSV EPSV
PASV QUIT
</protocol> </protocol>
</verify> </verify>
</testcase> </testcase>