apache/nuttx-apps
1
0
Fork 0
mirror of https://github.com/apache/nuttx-apps.git synced 2025-10-20 21:41:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

apps/netutils/ftpc: Fix some cornercases that could cause FTP to access past the end of valid data.

Browse Source
This commit is contained in:
Gregory Nutt
2017-12-21 12:05:28 -06:00
parent 5600b287a5
commit ccee5daaf3
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
netutils/ftpc/ftpc_transfer.c
View File

@@ -211,7 +211,7 @@ static int ftp_cmd_pasv(FAR struct ftpc_session_s *session,
/* Skip over any leading stuff before important data begins */ /* Skip over any leading stuff before important data begins */
ptr = session->reply + 4; ptr = session->reply + 4;
while (!isdigit((int)*ptr)) while (*ptr != '\0' && !isdigit((int)*ptr))
{ {
ptr++; ptr++;
} }

19
netutils/ftpc/ftpc_utils.c
View File

@@ -86,6 +86,7 @@ int ftpc_nibble(char ch)
{ {
return (unsigned int)ch - 'a' + 10; return (unsigned int)ch - 'a' + 10;
} }
return ERROR; return ERROR;
} }
@@ -163,11 +164,11 @@ void ftpc_stripcrlf(FAR char *str)
len = strlen(str); len = strlen(str);
if (len > 0) if (len > 0)
{ {
ptr = str + len - 1; for (ptr = str + len - 1;
while (*ptr == '\r' || *ptr == '\n') len > 0 && (*ptr == '\r' || *ptr == '\n');
ptr--, len--;
{ {
*ptr = '\0'; *ptr = '\0';
ptr--;
} }
} }
} }
@@ -222,17 +223,19 @@ FAR char *ftpc_dequote(FAR const char *str)
/* Allocate space for a modifiable copy of the string */ /* Allocate space for a modifiable copy of the string */
len = strlen(str); len = strlen(str);
allocstr = (FAR char*)malloc(len+1); allocstr = (FAR char*)malloc(len + 1);
if (allocstr) if (allocstr)
{ {
/* Search the string */ /* Search the string */
ptr = allocstr; ptr = allocstr;
while (*str) while (*str != '\0')
{ {
/* Check for a quoted hex value */ /* Check for a quoted hex value (make sure that there are
* least 3 characters remaining in the string.
*/
if (str[0] == '%') if (len > 2 && str[0] == '%')
{ {
/* Extract the hex value */ /* Extract the hex value */
@@ -246,6 +249,7 @@ FAR char *ftpc_dequote(FAR const char *str)
*ptr++ = (char)(ms << 8 | ls); *ptr++ = (char)(ms << 8 | ls);
str += 3; str += 3;
len -= 3;
continue; continue;
} }
} }
@@ -254,6 +258,7 @@ FAR char *ftpc_dequote(FAR const char *str)
/* Just transfer the character */ /* Just transfer the character */
*ptr++ = *str++; *ptr++ = *str++;
len--;
} }
/* NUL terminate */ /* NUL terminate */