1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

FTP: reject illegal port numbers in EPSV 229 responses

This commit is contained in:
Daniel Stenberg 2013-01-15 22:35:48 +01:00
parent 7ab3ae0bf0
commit 533c31b785
2 changed files with 9 additions and 10 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
break;
}
}
if(num > 0xffff) {
failf(data, "Illegal port number in EPSV reply");
return CURLE_FTP_WEIRD_PASV_REPLY;
}
if(ptr) {
newport = (unsigned short)(num & 0xffff);

View File

@ -9,7 +9,6 @@ FTP
<reply>
<servercmd>
REPLY EPSV 229 Entering Passiv Mode (|||1000000|)
REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
</servercmd>
</reply>
@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127)
ftp
</server>
<name>
FTP getting bad port in response to EPSV and in response to PASV
FTP getting bad port in response to EPSV
</name>
<command>
ftp://%HOSTIP:%FTPPORT/238
@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238
# Verify data after the test has been "shot"
<verify>
# curl: (15) Can't resolve new host 1216.256.2.127:32639
# 15 => CURLE_FTP_CANT_GET_HOST
# some systems just don't fail on the illegal host name/address but instead
# moves on and attempt to connect to... yes, to what?
# 7= CURLE_COULDNT_CONNECT
# 13 = CURLE_FTP_WEIRD_PASV_REPLY
<errorcode>
7, 15
13
</errorcode>
<protocol>
USER anonymous
PASS ftp@example.com
PWD
EPSV
PASV
QUIT
</protocol>
</verify>
</testcase>