2006-12-19 Ulf Harnhammar [EMAIL PROTECTED]
* ftp-basic.c (ftp_syst): Fixes NULL dereferencing crash bug
when parsing SYST replies from FTP servers. Originally
reported by Federico L. Bossi Bonin:
http://www.milw0rm.com/exploits/2947
Index: src/ftp-basic.c
===
--- src/ftp-basic.c (revision 2197)
+++ src/ftp-basic.c (working copy)
@@ -1038,6 +1038,11 @@
/* Which system type has been reported (we are interested just in the
first word of the server response)? */
request = strtok (NULL, );
+ if (request == NULL)
+{
+ xfree (respline);
+ return FTPSRVERR;
+}
if (!strcasecmp (request, VMS))
*server_type = ST_VMS;