From: Daniel Stenberg Date: Tue, 15 Jan 2013 21:35:48 +0000 (+0100) Subject: FTP: reject illegal port numbers in EPSV 229 responses X-Git-Tag: curl-7_29_0~94 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=533c31b78550603017f895180f301b760471c762;p=thirdparty%2Fcurl.git FTP: reject illegal port numbers in EPSV 229 responses --- diff --git a/lib/ftp.c b/lib/ftp.c index 29b9743ec6..352f12f44c 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1854,6 +1854,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, break; } } + if(num > 0xffff) { + failf(data, "Illegal port number in EPSV reply"); + return CURLE_FTP_WEIRD_PASV_REPLY; + } if(ptr) { newport = (unsigned short)(num & 0xffff); diff --git a/tests/data/test238 b/tests/data/test238 index 56f21ebf85..ea54509a17 100644 --- a/tests/data/test238 +++ b/tests/data/test238 @@ -9,7 +9,6 @@ FTP REPLY EPSV 229 Entering Passiv Mode (|||1000000|) -REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127) @@ -19,7 +18,7 @@ REPLY PASV 227 Entering Passiv Mode (1216,256,2,127,127,127) ftp -FTP getting bad port in response to EPSV and in response to PASV +FTP getting bad port in response to EPSV ftp://%HOSTIP:%FTPPORT/238 @@ -28,20 +27,16 @@ ftp://%HOSTIP:%FTPPORT/238 # Verify data after the test has been "shot" -# curl: (15) Can't resolve new host 1216.256.2.127:32639 -# 15 => CURLE_FTP_CANT_GET_HOST -# some systems just don't fail on the illegal host name/address but instead -# moves on and attempt to connect to... yes, to what? -# 7= CURLE_COULDNT_CONNECT +# 13 = CURLE_FTP_WEIRD_PASV_REPLY -7, 15 +13 USER anonymous PASS ftp@example.com PWD EPSV -PASV +QUIT