forked from Lainports/freebsd-ports
31440623dd
FTP protocol (whereever the HTTP protocol could also be used). It provides both RETR/REST retrieval and STOR/APPE upload, using the same user/permissions model as httpd (so it shares the same security considerations as mod_dav plus mod_dav_fs). WWW: http://httpd.apache.org/mod_ftp/ Feature safe: yes
31 lines
1 KiB
Text
31 lines
1 KiB
Text
See:
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=51412
|
|
|
|
--- modules/ftp/ftp_commands.c 2009-09-21 15:09:19.000000000 -0400
|
|
+++ modules/ftp/ftp_commands.c 2011-06-21 14:58:42.000000000 -0400
|
|
@@ -1676,4 +1676,5 @@
|
|
{
|
|
ftp_connection *fc = ftp_get_module_config(r->connection->conn_config);
|
|
+ long pbsz;
|
|
char *endp;
|
|
|
|
@@ -1687,15 +1688,16 @@
|
|
}
|
|
|
|
- fc->pbsz = strtol(arg, &endp, 10);
|
|
+ pbsz = strtol(arg, &endp, 10);
|
|
/*
|
|
* Return 501 if we were unable to parse the argument or if there was a
|
|
* possibility of an overflow
|
|
*/
|
|
- if (((*arg == '\0') || (*endp != '\0')) || fc->pbsz < 0
|
|
- || fc->pbsz == LONG_MAX) {
|
|
+ if (((*arg == '\0') || (*endp != '\0')) || pbsz <= 0 || pbsz >= INT_MAX) {
|
|
fc->response_notes = "Could not parse PBSZ argument";
|
|
return FTP_REPLY_SYNTAX_ERROR;
|
|
}
|
|
|
|
+ fc->pbsz = pbsz;
|
|
+
|
|
fc->response_notes = apr_psprintf(r->pool, "PBSZ Command OK. "
|
|
"Protection buffer size set to %d",
|