FTP: reject illegal port numbers in EPSV 229 responses

lib/ftp.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
             break;
           }
         }
+        if(num > 0xffff) {
+          failf(data, "Illegal port number in EPSV reply");
+          return CURLE_FTP_WEIRD_PASV_REPLY;
+        }
         if(ptr) {
           newport = (unsigned short)(num & 0xffff);
 

tests/data/test238

@@ -9,7 +9,6 @@ FTP
 <reply>
 <servercmd>
 REPLY EPSV 229 Entering Passiv Mode (|||1000000|)
-REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
 </servercmd>
 </reply>
 
@@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
 ftp
 </server>
  <name>
-FTP getting bad port in response to EPSV and in response to PASV
+FTP getting bad port in response to EPSV
  </name>
  <command>
 ftp://%HOSTIP:%FTPPORT/238
@@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238
 
 # Verify data after the test has been "shot"
 <verify>
-# curl: (15) Can't resolve new host 1216.256.2.127:32639
+# 13 = CURLE_FTP_WEIRD_PASV_REPLY
-# 15 => CURLE_FTP_CANT_GET_HOST
-# some systems just don't fail on the illegal host name/address but instead
-# moves on and attempt to connect to... yes, to what?
-# 7= CURLE_COULDNT_CONNECT
 <errorcode>
-7, 15
+13
 </errorcode>
 <protocol>
 USER anonymous
 PASS ftp@example.com
 PWD
 EPSV
-PASV
+QUIT
 </protocol>
 </verify>
 </testcase>