Fix libfetch out of bounds read.

Approved by: so Security: SA-21:15.libfetch Security: CVE-2021-36159
2024-07-23 03:06:48 +00:00 · 2021-08-24 10:59:01 -07:00 · 2021-08-24 10:59:01 -07:00 · 64ae2f785e
parent 91a8bed5a4
commit 64ae2f785e
1 changed files with 4 additions and 1 deletions
--- a/lib/libfetch/ftp.c
+++ b/lib/libfetch/ftp.c
@ -704,8 +704,11 @@ ftp_transfer(conn_t *conn, const char *oper, const char *file,
 				goto ouch;
 			}
 			l = (e == FTP_PASSIVE_MODE ? 6 : 21);
-			for (i = 0; *p && i < l; i++, p++)
+			for (i = 0; *p && i < l; i++, p++) {
 				addr[i] = strtol(p, &p, 10);
+				if (*p == '\0' && i < l - 1)
+					break;
+			}
 			if (i < l) {
 				e = FTP_PROTOCOL_ERROR;
 				goto ouch;