FTP: Avoid null dereferences when handling ftp_port traffic (#2172)

`strchr` may return null if a deliminator is not found. Likewise,
if an `Http::HdrType::FTP_REASON` string is not found, nullptr would
be used in the %s formatter, leading to UB.

diff --git a/src/ftp/Parsing.cc b/src/ftp/Parsing.cc
index 5abab26c2323f1677f3b4bc576b50cdb6494af4b..7b2224c5d30fd42093615eab8add20806c720c65 100644 (file)
--- a/src/ftp/Parsing.cc
+++ b/src/ftp/Parsing.cc
@@ -61,6 +61,9 @@ Ftp::ParseProtoIpPort(const char *buf, Ip::Address &addr)
 
     s = e + 1;
     e = strchr(s, delim);
+    if (!e)
+        return false;
+
     char ip[MAX_IPSTRLEN];
     if (static_cast<size_t>(e - s) >= sizeof(ip))
         return false;

diff --git a/src/servers/FtpServer.cc b/src/servers/FtpServer.cc
index 4d3f8cecbbdb0c144d39df5f6fa4894c051d9a1e..6ee7db90b695673c36904a51d34f41e883ef9fd8 100644 (file)
--- a/src/servers/FtpServer.cc
+++ b/src/servers/FtpServer.cc
@@ -1226,7 +1226,7 @@ Ftp::PrintReply(MemBuf &mb, const HttpReply *reply, const char *const)
     if (header.has(Http::HdrType::FTP_STATUS)) {
         const char *reason = header.getStr(Http::HdrType::FTP_REASON);
         mb.appendf("%i %s\r\n", header.getInt(Http::HdrType::FTP_STATUS),
-                   (reason ? reason : nullptr));
+                   (reason ? reason : ""));
     }
 }