Stuart Ballard wrote: > > Rip Toren wrote: [snip] > I have to wonder though if there's a better way to solve this bug than > just block access to port 25. Isn't it sufficient to refuse to connect > to an ftp URL if CR or LF appear in the username or password (because > those characters are part of the protocol and no real ftp server could > ever accept them)? That way even if someone runs an SMTP server on the > ftp port, you *still* can't abuse it. > Hmmm, now that sounds like a pretty reasonable way to actually fix the problem once and for all, instead of merely covering it up. Probably could even make it a single strcspn() call. Five'll get you ten they don't do it. > Stuart.
- Re: More top-secret BS commits with hidden... Clarence (Andreas M. Schneider)
- Re: More top-secret BS commits with h... Rip Toren
- Re: More top-secret BS commits wi... Clarence (Andreas M. Schneider)
- Re: More top-secret BS commit... Rip Toren
- Re: More top-secret BS co... hume . spamfilter
- Re: More top-secret BS co... Clarence (Andreas M. Schneider)
- Re: More top-secret ... Rip Toren
- Re: More top-sec... Stuart Ballard
- Re: More top-sec... Stuart Ballard
- Re: More top-sec... Jeffrey W. Baker
- Re: More top-sec... JTK
- Re: More top-sec... hume . spamfilter
- Re: More top-sec... Adam James Fitzpatrick
- Re: More top-sec... Rip Toren
- Re: More top-sec... Clarence (Andreas M. Schneider)
- Re: More top-sec... Mitchell Stoltz
- Re: More top-secret ... Jay Garcia
- Re: More top-sec... Clarence (Andreas M. Schneider)
- Re: More top-secret BS commits with hidden... David Hallowell
- Re: More top-secret BS commits with h... Gervase Markham
- Re: More top-secret BS commits with hidden... Gervase Markham
