romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-30 07:27:50 +03:00
Code Issues Projects Releases Packages Wiki Activity

ftp: improve fragile check for first digit > 3

Browse source 
In a case where rubbish would be sent in the line something that isn't a
digit could be first in line and treated as less than '3'. Prevent this
risk by first doing a check that the byte is a digit.

Reported-by: Joshua Rogers
Closes #18870
This commit is contained in:
Daniel Stenberg 2025-10-06 10:20:45 +02:00
parent 172e190c79
commit 6ef4871f5d
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/ftp.c
View file

@ -449,11 +449,14 @@ static CURLcode ftp_check_ctrl_on_data_wait(struct Curl_easy *data,
bool response = FALSE;
/* First check whether there is a cached response from server */
if(curlx_dyn_len(&pp->recvbuf) && (*curlx_dyn_ptr(&pp->recvbuf) > '3')) {
/* Data connection could not be established, let's return */
infof(data, "There is negative response in cache while serv connect");
(void)getftpresponse(data, &nread, &ftpcode);
return CURLE_FTP_ACCEPT_FAILED;
if(curlx_dyn_len(&pp->recvbuf)) {
const char *l = curlx_dyn_ptr(&pp->recvbuf);
if(!ISDIGIT(*l) || (*l > '3')) {
/* Data connection could not be established, let's return */
infof(data, "There is negative response in cache while serv connect");
(void)getftpresponse(data, &nread, &ftpcode);
return CURLE_FTP_ACCEPT_FAILED;
}
}
if(pp->overflow)