mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-05 16:10:55 +00:00
Prevent server-side glob(3) patterns from expanding
to a pathname that contains '\r' or '\n'. Together with the earlier STAT bugfix, this must solve the problem of such pathnames appearing in the FTP control stream.
This commit is contained in:
parent
f5732aa783
commit
b7f470a943
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=109685
|
@ -972,8 +972,10 @@ pathname
|
|||
*/
|
||||
if (logged_in && $1) {
|
||||
glob_t gl;
|
||||
char *p, **pp;
|
||||
int flags =
|
||||
GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
|
||||
int n;
|
||||
|
||||
memset(&gl, 0, sizeof(gl));
|
||||
flags |= GLOB_MAXPATH;
|
||||
|
@ -982,11 +984,22 @@ pathname
|
|||
gl.gl_pathc == 0) {
|
||||
reply(550, "wildcard expansion error");
|
||||
$$ = NULL;
|
||||
} else if (gl.gl_pathc > 1) {
|
||||
reply(550, "ambiguous");
|
||||
$$ = NULL;
|
||||
} else {
|
||||
$$ = strdup(gl.gl_pathv[0]);
|
||||
n = 0;
|
||||
for (pp = gl.gl_pathv; *pp; pp++)
|
||||
if (strcspn(*pp, "\r\n") ==
|
||||
strlen(*pp)) {
|
||||
p = *pp;
|
||||
n++;
|
||||
}
|
||||
if (n == 0)
|
||||
$$ = strdup($1);
|
||||
else if (n == 1)
|
||||
$$ = strdup(p);
|
||||
else {
|
||||
reply(550, "ambiguous");
|
||||
$$ = NULL;
|
||||
}
|
||||
}
|
||||
globfree(&gl);
|
||||
free($1);
|
||||
|
|
Loading…
Reference in a new issue