|
|
FTP "SYST" NULL dereferencing crash (found by someone else): msg#00033web.wget.patches
2006-12-19 Ulf Harnhammar <metaur@xxxxxxxxx> * ftp-basic.c (ftp_syst): Fixes NULL dereferencing crash bug when parsing "SYST" replies from FTP servers. Originally reported by Federico L. Bossi Bonin: http://www.milw0rm.com/exploits/2947 Index: src/ftp-basic.c =================================================================== --- src/ftp-basic.c (revision 2197) +++ src/ftp-basic.c (working copy) @@ -1038,6 +1038,11 @@ /* Which system type has been reported (we are interested just in the first word of the server response)? */ request = strtok (NULL, " "); + if (request == NULL) + { + xfree (respline); + return FTPSRVERR; + } if (!strcasecmp (request, "VMS")) *server_type = ST_VMS; |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | A Rolex replica watch: 00033, Ingrid Denton |
|---|---|
| Next by Date: | Re: FTP "SYST" NULL dereferencing crash (found by someone else): 00033, Steven M. Schweda |
| Previous by Thread: | A Rolex replica watchi: 00033, Ingrid Denton |
| Next by Thread: | Re: FTP "SYST" NULL dereferencing crash (found by someone else): 00033, Steven M. Schweda |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |