authorIlia Alshanetsky <iliaa@php.net>2007-03-24 16:26:50 +0000
committerIlia Alshanetsky <iliaa@php.net>2007-03-24 16:26:50 +0000
commit75ad7747eb52b5b52d8009101edf2191b0c0ea4a (patch)
tree65f34a528cd1bf456d8e4dec3fb1ab1a49913ef5
parent062443ea9794a1177bb0a19b17e965dff074e7dd (diff)
MFB: Fixed CRLF injection inside ftp_putcmd().
-rw-r--r--ext/ftp/ftp.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index 367eb3adf5..7ae5a60680 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -962,11 +962,19 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cmd, const char *args)
int size;
char *data;
+ if (strpbrk(cmd, "\r\n")) {
+ return 0;
+ }
+
/* build the output buffer */
if (args && args[0]) {
/* "cmd args\r\n\0" */
if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE)
return 0;
+
+ if (strpbrk(args, "\r\n")) {
+ return 0;
+ }
size = sprintf(ftp->outbuf, "%s %s\r\n", cmd, args);
}
else {
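Review bot: The two added `strpbrk` checks carry no comment, and the one for `args` sits between the length test and the `sprintf`, so the reason for rejecting CR/LF is easy to lose in a later refactor. I would use a single guard at the top of the function, `if (strpbrk(cmd, "\r\n") || (args && strpbrk(args, "\r\n"))) return 0;`, with a comment such as `/* reject CR/LF: either byte would end the line and let the rest be read as a second command on the control connection */`. The rejection returns the same 0 as the buffer-size failure and emits nothing, so callers presumably cannot tell a refused argument from an oversized one; confirm whether a warning is wanted there so that rejected input is visible in logs. The body of `ftp_putcmd` starts before this hunk and continues after it.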