FTP SYST NULL dereferencing crash (found by someone else)

2006-12-19 Thread Ulf Harnhammar
2006-12-19  Ulf Harnhammar  [EMAIL PROTECTED]

* ftp-basic.c (ftp_syst): Fixes NULL dereferencing crash bug
when parsing SYST replies from FTP servers. Originally
reported by Federico L. Bossi Bonin:
http://www.milw0rm.com/exploits/2947


Index: src/ftp-basic.c
===
--- src/ftp-basic.c (revision 2197)
+++ src/ftp-basic.c (working copy)
@@ -1038,6 +1038,11 @@
   /* Which system type has been reported (we are interested just in the
  first word of the server response)?  */
   request = strtok (NULL,  );
+  if (request == NULL)
+{
+  xfree (respline);
+  return FTPSRVERR;
+}
 
   if (!strcasecmp (request, VMS))
 *server_type = ST_VMS;
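Review bot: the early return added at `if (request == NULL)` has no comment saying what input triggers it, and the existing comment above it ("we are interested just in the first word of the server response") still reads as if that word is always present. Suggest a one-line comment stating that strtok returns NULL when the reply has nothing after the first token, so the reason for `return FTPSRVERR` is visible next to the `strcasecmp (request, VMS)` call it protects.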




Re: FTP SYST NULL dereferencing crash (found by someone else)

2006-12-19 Thread Steven M. Schweda
From: Ulf Harnhammar [EMAIL PROTECTED]

+  if (request == NULL)
+{
+  xfree (respline);
+  return FTPSRVERR;
+}
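Review bot: returning FTPSRVERR in this branch fails the whole SYST step for a reply that only lacks a system name, although the one visible use of `request` is to choose `*server_type`. If a fallback value is assigned here instead of returning, the `strcasecmp (request, VMS)` chain that follows in the original hunk has to move into an `else`, otherwise the NULL pointer still reaches it.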

   Well, yeah, if you prefer returning an error code to trying a little
harder.  I prefer my change:

if (request == NULL)
  *server_type = ST_OTHER;

Why punish the user when the FTP server behaves badly?



   Steven M. Schweda   [EMAIL PROTECTED]
   382 South Warwick Street(+1) 651-699-9818
   Saint Paul  MN  55105-2547
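
The two policies debated in this thread, side by side, as an added example (not wget's code and not written by either poster). The function name, the `lenient` flag, the enum values and the "UNIX" keyword are assumptions made for illustration; the sample replies are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Names below are local to this example, not wget's definitions. */
enum { SYST_ERR = -1, ST_UNIX, ST_VMS, ST_OTHER };

/* Classify one SYST reply line such as "215 UNIX Type: L8\r\n".
   lenient == 0: a reply without a system name yields SYST_ERR.
   lenient != 0: such a reply yields ST_OTHER.  */
int
syst_type_of (const char *reply, int lenient)
{
  static const char delim[] = " \r\n";
  char buf[256];
  char *code, *name;

  /* strtok writes into its argument, so work on a bounded copy. */
  snprintf (buf, sizeof buf, "%s", reply);

  code = strtok (buf, delim);                 /* reply code, skipped */
  name = code ? strtok (NULL, delim) : NULL;  /* first word after it */

  /* The check the thread is about: any strtok result can be NULL. */
  if (name == NULL)
    return lenient ? ST_OTHER : SYST_ERR;

  if (!strcasecmp (name, "VMS"))
    return ST_VMS;
  if (!strcasecmp (name, "UNIX"))   /* illustrative second keyword */
    return ST_UNIX;
  return ST_OTHER;
}

int
main (void)
{
  /* Constructed sample replies, including the two degenerate ones. */
  const char *samples[] = { "215 UNIX Type: L8\r\n", "215 VMS\r\n",
                            "215\r\n", "" };
  for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
    printf ("strict=%d lenient=%d\n",
            syst_type_of (samples[i], 0), syst_type_of (samples[i], 1));
  return 0;
}
```

Either policy is safe as long as the NULL test comes before the first `strcasecmp`; they differ only in whether a nameless reply ends the session.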