CVSROOT: /cvs Module name: src Changes by: [EMAIL PROTECTED] 2008/09/12 10:12:08
Modified files:
libexec/ftpd : extern.h ftpcmd.y ftpd.c
Log message:
Don't split large commands into multiple commands on a 512-byte
boundary but just fail on them. This prevents CSRF-like attacks,
when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <[EMAIL PROTECTED]>.
ok millert@ martynas@
