Skip to content

Commit 65c4d4a

Browse files
committed
Flush the command buffer after switching to TLS.
Fixes a flaw similar to CVE-2011-0411.
1 parent 67b0385 commit 65c4d4a

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

Diff for: src/ftp_parser.c

+9-2
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,20 @@ static void randomdelay(void)
5757
* -Frank.
5858
*/
5959

60+
static size_t scanned;
61+
static size_t readnbd;
62+
63+
static void flush_cmd(void)
64+
{
65+
scanned = readnbd = (size_t) 0U;
66+
}
67+
6068
int sfgets(void)
6169
{
6270
struct pollfd pfd;
6371
int pollret;
6472
ssize_t readnb;
6573
signed char seen_r = 0;
66-
static size_t scanned;
67-
static size_t readnbd;
6874

6975
if (scanned > (size_t) 0U) { /* support pipelining */
7076
readnbd -= scanned;
@@ -362,6 +368,7 @@ void parser(void)
362368
addreply_noformat(234, "AUTH TLS OK.");
363369
doreply();
364370
if (tls_cnx == NULL) {
371+
flush_cmd();
365372
(void) tls_init_new_session();
366373
}
367374
goto wayout;

0 commit comments

Comments
 (0)