From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 2 Sep 2025 19:06:12 +0000 (+0000)
Subject: FTP: Avoid null dereferences when handling ftp_port traffic (#2172)
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b65d815a1907e9313baca7f15071af28ef53a9aa;p=thirdparty%2Fsquid.git

FTP: Avoid null dereferences when handling ftp_port traffic (#2172)

`strchr` may return null if a deliminator is not found. Likewise,
if an `Http::HdrType::FTP_REASON` string is not found, nullptr would
be used in the %s formatter, leading to UB.
---

diff --git a/src/ftp/Parsing.cc b/src/ftp/Parsing.cc
index 5abab26c23..7b2224c5d3 100644
--- a/src/ftp/Parsing.cc
+++ b/src/ftp/Parsing.cc
@@ -61,6 +61,9 @@ Ftp::ParseProtoIpPort(const char *buf, Ip::Address &addr)
 
     s = e + 1;
     e = strchr(s, delim);
+    if (!e)
+        return false;
+
     char ip[MAX_IPSTRLEN];
     if (static_cast<size_t>(e - s) >= sizeof(ip))
         return false;
diff --git a/src/servers/FtpServer.cc b/src/servers/FtpServer.cc
index 4d3f8cecbb..6ee7db90b6 100644
--- a/src/servers/FtpServer.cc
+++ b/src/servers/FtpServer.cc
@@ -1226,7 +1226,7 @@ Ftp::PrintReply(MemBuf &mb, const HttpReply *reply, const char *const)
     if (header.has(Http::HdrType::FTP_STATUS)) {
         const char *reason = header.getStr(Http::HdrType::FTP_REASON);
         mb.appendf("%i %s\r\n", header.getInt(Http::HdrType::FTP_STATUS),
-                   (reason ? reason : nullptr));
+                   (reason ? reason : ""));
     }
 }