romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 00:41:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

ftp: replace sscanf for PASV parsing

Browse source 
Closes #10590
This commit is contained in:
Daniel Stenberg 2023-02-23 10:52:59 +01:00
parent b0f54f27a9
commit dad74488fc
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 27 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

35
lib/ftp.c
View file

@ -1795,6 +1795,29 @@ static char *control_address(struct connectdata *conn)
return conn->primary_ip;
}
static bool match_pasv_6nums(const char *p,
unsigned int *array) /* 6 numbers */
{
int i;
for(i = 0; i < 6; i++) {
unsigned long num;
char *endp;
if(i) {
if(*p != ',')
return FALSE;
p++;
}
if(!ISDIGIT(*p))
return FALSE;
num = strtoul(p, &endp, 10);
if(num > 255)
return FALSE;
array[i] = (unsigned int)num;
p = endp;
}
return TRUE;
}
static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
int ftpcode)
{
@ -1847,8 +1870,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
else if((ftpc->count1 == 1) &&
(ftpcode == 227)) {
/* positive PASV response */
unsigned int ip[4] = {0, 0, 0, 0};
unsigned int port[2] = {0, 0};
unsigned int ip[6];
/*
* Scan for a sequence of six comma-separated numbers and use them as
@ -1860,15 +1882,12 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
* "227 Entering passive mode. 127,0,0,1,4,51"
*/
while(*str) {
if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u",
&ip[0], &ip[1], &ip[2], &ip[3],
&port[0], &port[1]))
if(match_pasv_6nums(str, ip))
break;
str++;
}
if(!*str || (ip[0] > 255) || (ip[1] > 255) || (ip[2] > 255) ||
(ip[3] > 255) || (port[0] > 255) || (port[1] > 255) ) {
if(!*str) {
failf(data, "Couldn't interpret the 227-response");
return CURLE_FTP_WEIRD_227_FORMAT;
}
@ -1888,7 +1907,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
if(!ftpc->newhost)
return CURLE_OUT_OF_MEMORY;
ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
ftpc->newport = (unsigned short)(((ip[4]<<8) + ip[5]) & 0xffff);
}
else if(ftpc->count1 == 0) {
/* EPSV failed, move on to PASV */