Subject: Re: CVS commit: basesrc/usr.bin/ftp
To: None <itojun@netbsd.org, lukem@netbsd.org>
From: enami tsugutomo <enami@sm.sony.co.jp>
List: source-changes
Date: 04/26/2002 10:03:29
Jun-ichiro itojun Hagino <itojun@netbsd.org> writes:
> Module Name: basesrc
> Committed By: itojun
> Date: Thu Apr 25 10:55:44 UTC 2002
>
> Modified Files:
> basesrc/usr.bin/ftp: ftp.c
>
> Log Message:
> avoid buffer overrun on PASV from malicious server.
> http://online.securityfocus.com/archive/1/269356/2002-04-22/2002-04-28/0
>
>
> To generate a diff of this commit:
> cvs rdiff -r1.117 -r1.118 basesrc/usr.bin/ftp/ftp.c
After reading this diff, I'm curious about some points:
- Do we want to use pasv[] when truncation occured?
- When server doesn't send '\r' nor ')', NUL termination depends on
bss initialization of pasv[], doesn't it? So, it works only once.
I'm not sure if this is guaranteed.
- The relationship with continuation line is unclear. When server did
same thing above, next line will be copied.
enami.