diff options
author | Yaroslav Tykhiy <ytykhiy@gmail.com> | 2003-01-22 16:25:22 +0000 |
---|---|---|
committer | Yaroslav Tykhiy <ytykhiy@gmail.com> | 2003-01-22 16:25:22 +0000 |
commit | b7f470a94352e5d8a7c889bb348fb5e0ba817134 (patch) | |
tree | b278a2b7d3770a16ccdc7281cfd9c5686d1728f8 /libexec/ftpd/ftpcmd.y | |
parent | f5732aa7833652225e4d05d8b6d04de754c5053e (diff) | |
download | src-b7f470a94352e5d8a7c889bb348fb5e0ba817134.tar.gz src-b7f470a94352e5d8a7c889bb348fb5e0ba817134.zip |
Prevent server-side glob(3) patterns from expanding
to a pathname that contains '\r' or '\n'.
Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
Notes
Notes:
svn path=/head/; revision=109685
Diffstat (limited to 'libexec/ftpd/ftpcmd.y')
-rw-r--r-- | libexec/ftpd/ftpcmd.y | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y index 620154699746..8dcff537c7f4 100644 --- a/libexec/ftpd/ftpcmd.y +++ b/libexec/ftpd/ftpcmd.y @@ -972,8 +972,10 @@ pathname */ if (logged_in && $1) { glob_t gl; + char *p, **pp; int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE; + int n; memset(&gl, 0, sizeof(gl)); flags |= GLOB_MAXPATH; @@ -982,11 +984,22 @@ pathname gl.gl_pathc == 0) { reply(550, "wildcard expansion error"); $$ = NULL; - } else if (gl.gl_pathc > 1) { - reply(550, "ambiguous"); - $$ = NULL; } else { - $$ = strdup(gl.gl_pathv[0]); + n = 0; + for (pp = gl.gl_pathv; *pp; pp++) + if (strcspn(*pp, "\r\n") == + strlen(*pp)) { + p = *pp; + n++; + } + if (n == 0) + $$ = strdup($1); + else if (n == 1) + $$ = strdup(p); + else { + reply(550, "ambiguous"); + $$ = NULL; + } } globfree(&gl); free($1); |