Opened 15 years ago

Last modified 15 years ago

#1460 closed Patch

Fix for certain FTP clients sending PORT commands

Reported by: dartonw Owned by:
Priority: normal Component: Other
Keywords: Cc: dartonw, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

Some FTP clients (CuteFTP is one, I believe) send leading zeros in the IP portion of the PORT command, e.g. "PORT 001,002,003,004,13,79". When an IP address in this format (001.002.003.004) is passed to inet_addr(), it is interpreted as octal. If 8 or 9 are present in the IP, inet_addr() returns INADDR_NONE, and the PORT command fails. This fix resolves that issue by converting each octet of the IP to int and back to char to strip leading zeros.

Attachments (1)

ControlSocket.cpp.2.patch (1.5 KB) - added by dartonw 15 years ago.
inet_addr patch to ControlSocket.cpp


Change History (3)

Changed 15 years ago by dartonw

Attachment: ControlSocket.cpp.2.patch added

inet_addr patch to ControlSocket.cpp

comment:1 Changed 15 years ago by Tim Kosse

Applied heavily modified patch. Please make sure NOT to introduce buffer overflows: The size of the number passed to itoa wasn't checked. PORT 01234,0,0,0,0,0 did at best crash the entire server.

comment:2 Changed 15 years ago by dartonw

Good point. I didn't account for malicious intent by users
sending literal commands.
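The two points raised above, the octal misreading of zero-padded octets from the description and the unchecked itoa() buffer from comment:1, as an added example that is not part of this ticket, the attached patch, or FileZilla Server's code. The function names parse_port_arg() and format_ip() are hypothetical, and the sample PORT arguments are constructed for the demonstration. Each field is read as decimal, with the digit count and the value bounds-checked while reading, and the address is rendered back with snprintf() against the buffer size rather than itoa() into an unchecked buffer.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>
#include <arpa/inet.h>   /* inet_addr(), used only in main() for the comparison */

/* Hypothetical helper (not FileZilla Server code). Parses the argument of an
 * FTP PORT command, "h1,h2,h3,h4,p1,p2", into an IPv4 address (host byte
 * order) and a TCP port. Every field is read as decimal, so "001,002,008,004"
 * never hits inet_addr()'s octal rule, and each field is bounds-checked as it
 * is read: at most 3 digits and a value of at most 255. An oversized token
 * such as "01234" is rejected instead of being copied into a fixed buffer.
 * Returns 1 on success, 0 on any malformed input. */
static int parse_port_arg(const char *arg, uint32_t *ip, uint16_t *port)
{
    unsigned field[6];
    const char *p = arg;

    for (int i = 0; i < 6; i++) {
        unsigned value = 0;
        int digits = 0;

        if (!isdigit((unsigned char)*p))
            return 0;                       /* empty field or non-digit junk */
        while (isdigit((unsigned char)*p)) {
            if (++digits > 3)
                return 0;                   /* "01234": too long, reject early */
            value = value * 10 + (unsigned)(*p++ - '0');
        }
        if (value > 255)
            return 0;                       /* "256", "999": out of range */
        field[i] = value;

        if (i < 5) {
            if (*p != ',')
                return 0;                   /* too few fields or bad separator */
            p++;
        }
    }
    if (*p != '\0')
        return 0;                           /* trailing garbage after the 6th field */

    *ip = (uint32_t)field[0] << 24 | (uint32_t)field[1] << 16 |
          (uint32_t)field[2] << 8  | (uint32_t)field[3];
    *port = (uint16_t)(field[4] * 256 + field[5]);
    return 1;
}

/* Hypothetical helper. Renders the parsed address as a canonical dotted quad
 * with no leading zeros. snprintf() is told the buffer size, so a too-small
 * buffer yields a return of 0 rather than an overflow. Returns 1 if it fit. */
static int format_ip(uint32_t ip, char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen, "%u.%u.%u.%u",
                     (unsigned)((ip >> 24) & 0xff), (unsigned)((ip >> 16) & 0xff),
                     (unsigned)((ip >> 8) & 0xff),  (unsigned)(ip & 0xff));
    return n > 0 && (size_t)n < buflen;
}

int main(void)
{
    /* Constructed sample inputs: the CuteFTP-style form from the description,
     * the same form with an 8 that is not valid octal, the oversized field
     * from comment:1, and an ordinary argument. */
    const char *samples[] = {
        "001,002,003,004,13,79",
        "001,002,008,004,13,79",
        "01234,0,0,0,0,0",
        "192,168,1,10,4,1",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t ip; uint16_t port; char text[16];
        if (parse_port_arg(samples[i], &ip, &port) && format_ip(ip, text, sizeof text))
            printf("%-24s -> %s:%u\n", samples[i], text, (unsigned)port);
        else
            printf("%-24s -> rejected\n", samples[i]);
    }
    /* For comparison, what inet_addr() makes of the padded form: the leading
     * zero selects octal, and "008" is not a valid octal number. */
    printf("inet_addr(\"001.002.008.004\") == INADDR_NONE: %s\n",
           inet_addr("001.002.008.004") == INADDR_NONE ? "yes" : "no");
    return 0;
}
```

The digit cap is what replaces the missing size check from comment:1: the parser stops before it has read enough characters to matter, so no later conversion step needs a buffer sized for the worst case. Rejecting the PORT command with a 501 reply is the right outcome for a malformed argument; the server should never try to repair it.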
