Skip to content
Permalink
Browse files Browse the repository at this point in the history
Flush the command buffer after switching to TLS.
Fixes a flaw similar to CVE-2011-0411.
  • Loading branch information
jedisct1 committed Mar 7, 2011
1 parent 67b0385 commit 65c4d4a
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions src/ftp_parser.c
Expand Up @@ -57,14 +57,20 @@ static void randomdelay(void)
* -Frank.
*/

static size_t scanned;
static size_t readnbd;

static void flush_cmd(void)
{
scanned = readnbd = (size_t) 0U;
}

int sfgets(void)
{
struct pollfd pfd;
int pollret;
ssize_t readnb;
signed char seen_r = 0;
static size_t scanned;
static size_t readnbd;

if (scanned > (size_t) 0U) { /* support pipelining */
readnbd -= scanned;
Expand Down Expand Up @@ -362,6 +368,7 @@ void parser(void)
addreply_noformat(234, "AUTH TLS OK.");
doreply();
if (tls_cnx == NULL) {
flush_cmd();
(void) tls_init_new_session();
}
goto wayout;
Expand Down

0 comments on commit 65c4d4a

Please sign in to comment.