114 lines
2.8 KiB
Diff
114 lines
2.8 KiB
Diff
|
Index: libexec/ftpd/ftpcmd.y
|
||
|
===================================================================
|
||
|
--- libexec/ftpd/ftpcmd.y (revision 185134)
|
||
|
+++ libexec/ftpd/ftpcmd.y (working copy)
|
||
|
@@ -1191,7 +1191,7 @@
|
||
|
/*
|
||
|
* getline - a hacked up version of fgets to ignore TELNET escape codes.
|
||
|
*/
|
||
|
-char *
|
||
|
+int
|
||
|
getline(char *s, int n, FILE *iop)
|
||
|
{
|
||
|
int c;
|
||
|
@@ -1207,7 +1207,7 @@
|
||
|
if (ftpdebug)
|
||
|
syslog(LOG_DEBUG, "command: %s", s);
|
||
|
tmpline[0] = '\0';
|
||
|
- return(s);
|
||
|
+ return(0);
|
||
|
}
|
||
|
if (c == 0)
|
||
|
tmpline[0] = '\0';
|
||
|
@@ -1244,13 +1244,24 @@
|
||
|
}
|
||
|
}
|
||
|
*cs++ = c;
|
||
|
- if (--n <= 0 || c == '\n')
|
||
|
+ if (--n <= 0) {
|
||
|
+ /*
|
||
|
+ * If command doesn't fit into buffer, discard the
|
||
|
+ * rest of the command and indicate truncation.
|
||
|
+ * This prevents the command to be split up into
|
||
|
+ * multiple commands.
|
||
|
+ */
|
||
|
+ while (c != '\n' && (c = getc(iop)) != EOF)
|
||
|
+ ;
|
||
|
+ return (-2);
|
||
|
+ }
|
||
|
+ if (c == '\n')
|
||
|
break;
|
||
|
}
|
||
|
got_eof:
|
||
|
sigprocmask(SIG_SETMASK, &osset, NULL);
|
||
|
if (c == EOF && cs == s)
|
||
|
- return (NULL);
|
||
|
+ return (-1);
|
||
|
*cs++ = '\0';
|
||
|
if (ftpdebug) {
|
||
|
if (!guest && strncasecmp("pass ", s, 5) == 0) {
|
||
|
@@ -1270,7 +1281,7 @@
|
||
|
syslog(LOG_DEBUG, "command: %.*s", len, s);
|
||
|
}
|
||
|
}
|
||
|
- return (s);
|
||
|
+ return (0);
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
@@ -1300,9 +1311,14 @@
|
||
|
case CMD:
|
||
|
(void) signal(SIGALRM, toolong);
|
||
|
(void) alarm(timeout);
|
||
|
- if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
|
||
|
+ n = getline(cbuf, sizeof(cbuf)-1, stdin);
|
||
|
+ if (n == -1) {
|
||
|
reply(221, "You could at least say goodbye.");
|
||
|
dologout(0);
|
||
|
+ } else if (n == -2) {
|
||
|
+ reply(500, "Command too long.");
|
||
|
+ (void) alarm(0);
|
||
|
+ continue;
|
||
|
}
|
||
|
(void) alarm(0);
|
||
|
#ifdef SETPROCTITLE
|
||
|
Index: libexec/ftpd/extern.h
|
||
|
===================================================================
|
||
|
--- libexec/ftpd/extern.h (revision 185134)
|
||
|
+++ libexec/ftpd/extern.h (working copy)
|
||
|
@@ -46,7 +46,7 @@
|
||
|
void ftpd_logwtmp(char *, char *, struct sockaddr *addr);
|
||
|
int ftpd_pclose(FILE *);
|
||
|
FILE *ftpd_popen(char *, char *);
|
||
|
-char *getline(char *, int, FILE *);
|
||
|
+int getline(char *, int, FILE *);
|
||
|
void lreply(int, const char *, ...) __printflike(2, 3);
|
||
|
void makedir(char *);
|
||
|
void nack(char *);
|
||
|
Index: libexec/ftpd/ftpd.c
|
||
|
===================================================================
|
||
|
--- libexec/ftpd/ftpd.c (revision 185134)
|
||
|
+++ libexec/ftpd/ftpd.c (working copy)
|
||
|
@@ -2794,15 +2794,20 @@
|
||
|
myoob(void)
|
||
|
{
|
||
|
char *cp;
|
||
|
+ int ret;
|
||
|
|
||
|
if (!transflag) {
|
||
|
syslog(LOG_ERR, "Internal: myoob() while no transfer");
|
||
|
return (0);
|
||
|
}
|
||
|
cp = tmpline;
|
||
|
- if (getline(cp, 7, stdin) == NULL) {
|
||
|
+ ret = getline(cp, 7, stdin);
|
||
|
+ if (ret == -1) {
|
||
|
reply(221, "You could at least say goodbye.");
|
||
|
dologout(0);
|
||
|
+ } else if (ret == -2) {
|
||
|
+ /* Ignore truncated command. */
|
||
|
+ return (0);
|
||
|
}
|
||
|
upper(cp);
|
||
|
if (strcmp(cp, "ABOR\r\n") == 0) {
|