ftp: avoid accessing EPSV response one byte past the NULL

author Daniel Stenberg <daniel@haxx.se>

Sun, 10 May 2026 22:18:53 +0000 (00:18 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 11 May 2026 06:07:24 +0000 (08:07 +0200)
author Daniel Stenberg <daniel@haxx.se>
Sun, 10 May 2026 22:18:53 +0000 (00:18 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 11 May 2026 06:07:24 +0000 (08:07 +0200)
diff --git a/lib/ftp.c b/lib/ftp.c

index 17cedb335398172b44694a9d21dc917601b97836..3f55f68d8287c3a3471c10ffc510467903067757 100644 (file)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2073,7 +2073,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
        ptr++;
        /* |||12345| */
        sep = ptr[0];
-      if((ptr[1] == sep) && (ptr[2] == sep) && ISDIGIT(ptr[3])) {
+      if(sep && (ptr[1] == sep) && (ptr[2] == sep) && ISDIGIT(ptr[3])) {
          const char *p = &ptr[3];
          curl_off_t num;
          if(curlx_str_number(&p, &num, 0xffff) || (*p != sep)) {
author	Daniel Stenberg <daniel@haxx.se>
	Sun, 10 May 2026 22:18:53 +0000 (00:18 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 11 May 2026 06:07:24 +0000 (08:07 +0200)