File: 121-CVE-2007-2509_ftp.patch

package info (click to toggle)
php5 5.2.0%2Bdfsg-8%2Betch16
  • links: PTS
  • area: main
  • in suites: etch
  • size: 58,940 kB
  • ctags: 45,388
  • sloc: ansic: 533,605; sh: 17,835; php: 11,336; cpp: 4,289; xml: 3,809; yacc: 2,446; lex: 2,174; makefile: 1,150; tcl: 1,128; awk: 693; perl: 71; sql: 22; pascal: 15
file content (19 lines) | stat: -rw-r--r-- 478 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
--- old/ext/ftp/ftp.c	2007/02/27 03:28:16	1.112.2.4.2.7
+++ new/ext/ftp/ftp.c	2007/03/24 16:25:42	1.112.2.4.2.8
@@ -1096,10 +1096,16 @@
 	int		size;
 	char		*data;
 
+	if (strpbrk(cmd, "\r\n")) {
+		return 0;
+	} 
 	/* build the output buffer */
 	if (args && args[0]) {
 		/* "cmd args\r\n\0" */
 		if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
+			return 0;
+		}
+		if (strpbrk(args, "\r\n")) {
 			return 0;
 		}
 		size = sprintf(ftp->outbuf, "%s %s\r\n", cmd, args);