--- ftp.c.old	2000-08-09 01:27:24.000000000 +0200
+++ ftp.c	2006-02-11 23:28:08.000000000 +0100
@@ -166,7 +166,7 @@ get_passive_sock(UrlResource *rsrc, int 
 {
         unsigned char *addr;
         struct sockaddr_in sa;
-        int sock;
+        int sock, commas;
         int x;
         char *line, *orig_line;
 
@@ -185,6 +185,18 @@ get_passive_sock(UrlResource *rsrc, int 
                 return 0;
         }
 
+        commas = 0;
+        while (*line)
+                if (*line++ == ',')
+                        commas++;
+        line = orig_line;
+
+        if (commas < 5) {
+                safe_free(orig_line);
+                puts("can't parse PASV response");
+                return 0;
+        }
+
         if( !(sock = sock_init(&sa, control)) )
                 return -1;