Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [netbsd-3-1] src/libexec/ftpd
Module Name: src
Committed By: bouyer
Date: Thu Sep 18 19:28:23 UTC 2008
Modified Files:
src/libexec/ftpd [netbsd-3-1]: extern.h ftpcmd.y ftpd.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #1964):
libexec/ftpd/ftpd.c: revision 1.187 via patch
libexec/ftpd/extern.h: revision 1.58 via patch
libexec/ftpd/ftpcmd.y: revision 1.88 via patch
libexec/ftpd/version.h: patch
Don't split large commands into multiple commands; just fail on them.
This prevents CSRF-like attacks, when a web browser is used to access
an ftp server.
Reported by Maksymilian Arciemowicz <cxib%securityreason.com@localhost>.
Fix mostly derived from OpenBSD, written by Moritz Jodeit
<moritz%OpenBSD.o@localhost=
rg>
To generate a diff of this commit:
cvs rdiff -r1.52 -r1.52.6.1 src/libexec/ftpd/extern.h
cvs rdiff -r1.83 -r1.83.6.1 src/libexec/ftpd/ftpcmd.y
cvs rdiff -r1.164.2.1.4.6 -r1.164.2.1.4.7 src/libexec/ftpd/ftpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index