2006-12-19 Ulf Harnhammar <[EMAIL PROTECTED]>
* ftp-basic.c (ftp_syst): Fixes NULL dereferencing crash bug
when parsing "SYST" replies from FTP servers. Originally
reported by Federico L. Bossi Bonin:
http://www.milw0rm.com/exploits/2947
Index: src/ftp-basic.c
===================================================================
--- src/ftp-basic.c (revision 2197)
+++ src/ftp-basic.c (working copy)
@@ -1038,6 +1038,11 @@
/* Which system type has been reported (we are interested just in the
first word of the server response)? */
request = strtok (NULL, " ");
+ if (request == NULL)
+ {
+ xfree (respline);
+ return FTPSRVERR;
+ }
if (!strcasecmp (request, "VMS"))
*server_type = ST_VMS;
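Review bot: the new early return at `return FTPSRVERR;` leaves `*server_type` unwritten, whereas the code right after the check assigns it (`*server_type = ST_VMS;`), so a caller that reads the output without first checking the return value would see an unset value. Consider assigning a defined default before returning, or stating in the function's comment that `*server_type` is left untouched when FTPSRVERR is returned. A short comment above `if (request == NULL)` would also help: the existing comment only describes the normal case, and it is not obvious to a later reader that `strtok (NULL, " ")` returns NULL when the server's reply has no further space-separated word.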