[Midnightbsd-cvs] [MidnightBSD/src] 1de512: The passive mode in FTP communication allows an ou...
Lucas Holt
noreply at github.com
Wed Aug 25 01:30:12 EDT 2021
Branch: refs/heads/stable/2.0
Home: https://github.com/MidnightBSD/src
Commit: 1de512a30fe8a822c6d7e67b2608c3eb219a5185
https://github.com/MidnightBSD/src/commit/1de512a30fe8a822c6d7e67b2608c3eb219a5185
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-08-25 (Wed, 25 Aug 2021)
Changed paths:
M lib/libfetch/ftp.c
Log Message:
-----------
The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes. It
does not check if the line ends prematurely. If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.
Obtained from: FreeBSD
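
An added illustration of the loop shape the log message describes, next to a bounds-aware variant. It is not the committed patch or libfetch's own code; the function names `first_digit`, `flawed_overshoot` and `parse_pasv`, and the 0-255 range check, are assumptions made for the example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Skip the 3-digit reply code, then move to the first digit after it. */
static const char *first_digit(const char *ln)
{
    const char *p = ln + (strlen(ln) > 3 ? 3 : strlen(ln));
    while (*p && !isdigit((unsigned char)*p))
        p++;
    return p;
}

/* Loop shape the log message describes. Pass a zero-padded buffer larger than
 * the line so the overshoot stays in bounds. Returns how many bytes past the
 * terminating NUL the cursor ends up (0 means no overshoot). */
size_t flawed_overshoot(const char *buf, int n)
{
    const char *p = first_digit(buf);
    char *end;
    size_t len = strlen(buf), pos;
    for (int i = 0; *p && i < n; i++, p++) {  /* p++ runs before *p is re-tested */
        (void)strtol(p, &end, 10);
        p = end;
    }
    pos = (size_t)(p - buf);
    return pos > len ? pos - len : 0;
}

/* Bounds-aware variant for the six PASV numbers: test for the terminator
 * before stepping over the separator. Returns 0 on success, -1 otherwise. */
int parse_pasv(const char *ln, unsigned char addr[6])
{
    const char *p = first_digit(ln);
    char *end;
    for (int i = 0; i < 6; i++) {
        long v = isdigit((unsigned char)*p) ? strtol(p, &end, 10) : -1;
        if (v < 0 || v > 255)
            return -1;                 /* line ended early, junk, or not a byte */
        addr[i] = (unsigned char)v;
        p = end;
        if (i < 5) {
            if (*p == '\0')
                return -1;             /* no separator left to skip */
            p++;
        }
    }
    return 0;
}
```

With a constructed, truncated reply such as `227 Entering Passive Mode (10,0,0` held in a zero-padded 64-byte buffer, `flawed_overshoot(buf, 6)` returns 1 and `parse_pasv` returns -1.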