Good point, although it's only a POTENTIAL buffer overflow, and it's limited to 2 bytes, so at least it's not exploitable. :-)

On Jul 5, 2007, at 9:05 AM, Tony Lewis wrote:

There is a buffer overflow in the following line of the proposed code:

     sprintf(filecopy, "\"%.2047s\"", file);

It should be:

     sprintf(filecopy, "\"%.2045s\"", file);

in order to leave room for the two quotes.

Tony
-----Original Message-----
From: Rich Cook [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 04, 2007 10:18 AM
To: [EMAIL PROTECTED]
Subject: bug and "patch": blank spaces in filenames causes looping

On OS X, if a filename on the FTP server contains spaces, and the
remote copy of the file is newer than the local, then wget gets
thrown into a loop of "No such file or directory" endlessly.   I have
changed the following in ftp-simple.c, and this fixes the error.
Sorry, I don't know how to use the proper patch formatting, but it
should be clear.

==================================
the beginning of ftp_retr:
=================================
/* Sends RETR command to the FTP server.  */
uerr_t
ftp_retr (int csock, const char *file)
{
   char *request, *respline;
   int nwritten;
   uerr_t err;

   /* Send RETR request.  */
   request = ftp_request ("RETR", file);

==================================
becomes:
==================================
/* Sends RETR command to the FTP server.  */
uerr_t
ftp_retr (int csock, const char *file)
{
   char *request, *respline;
   int nwritten;
   uerr_t err;
   char filecopy[2048];
   if (file[0] != '"') {
     sprintf(filecopy, "\"%.2047s\"", file);
   } else {
     strncpy(filecopy, file, 2047);
   }

   /* Send RETR request.  */
   request = ftp_request ("RETR", filecopy);
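
Review bot: both branches that fill filecopy can leave it overrun or unterminated. In the `if` branch, `sprintf(filecopy, "\"%.2047s\"", file)` can emit 2047 characters of the name plus two quotes plus the terminating NUL, which is 2050 bytes into the 2048-byte array. In the `else` branch, `strncpy(filecopy, file, 2047)` writes no terminator when file is 2047 characters or longer, and filecopy[2047] is never initialised, so ftp_request may read past the end of the array. Suggest `snprintf(filecopy, sizeof filecopy, ...)` in the first branch with the return value checked against sizeof filecopy, and an explicit `filecopy[sizeof filecopy - 1] = '\0'` after the strncpy. A name that does not fit should be rejected with an error rather than truncated, because a truncated name requests a different file from the server.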






--
Rich "wealthychef" Cook
925-784-3077
--
  it takes many small steps to climb a mountain, but the view gets
better all the time.
