Anonymous configuration fix, base thread vulnerability fix. v0.3.1
kolya5544 committed Feb 9, 2020
1 parent 9295f42 commit 17a6ead
Showing 2 changed files with 14 additions and 44 deletions.
44 changes: 10 additions & 34 deletions BearFTP/Program.cs
@@ -495,36 +495,12 @@ static void Main(string[] args)
while (client.Connected)
{
Thread.Sleep(100);
//Receiving handler START
string answ = "";
bool flag = true;
bool upper = true;
while (flag)
{
int a = sr.Read();
if (upper)
{
answ += char.ToUpper((char)a);
} else
{
answ += (char)a;
}
if (a == 13)
{
flag = false;
}
if (a == 0x20)
{
upper = false;
}
if (answ.Length > 128)
{
client.Close();
}
}
answ = answ.Trim();
//Receiving handler END
string answ = sr.ReadLine(); //Who'd think this ACTUALLY works. BUT: It's doesnt work on Linux? (Needs testing)
//Tested on Ubuntu 16.04 client and 18.04 server. Seems to work!
string upperfix = answ.Split(' ')[0].ToUpper();
answ.Replace(answ.Split(' ')[0], upperfix); //Fixing the lowercase commands an easy way
//Command processing.
if (answ.Length >= 3) //We dont want dummies to spam/DDoS.
@@ -558,7 +534,7 @@ static void Main(string[] args)
{
string temp = answ.Substring(5).Trim();
Regex r = new Regex("^[a-zA-Z0-9]*$");
if (r.IsMatch(temp) && temp.Length < 32 && temp.Length > 1 && (temp != "anonymous" && !AllowAnonymous))
if (r.IsMatch(temp) && temp.Length < 32 && temp.Length > 1 && (temp != "anonymous" || AllowAnonymous))
{
username = temp;
LogWrite("331 This user is protected with password\r\n", sw, hostname, perip);
@@ -644,16 +620,16 @@ static void Main(string[] args)
LogWrite("150 Ok to send data.\r\n", sw, hostname, perip);
Thread.Sleep(100);
List<byte> filess = new List<byte>();
var bytes = default(byte[]);
var bytess = default(byte[]);
using (var memstream = new MemoryStream())
{
var buffer = new byte[512];
var bytesRead = default(int);
while ((bytesRead = connn.sr.BaseStream.Read(buffer, 0, buffer.Length)) > 0)
memstream.Write(buffer, 0, bytesRead);
bytes = memstream.ToArray();
bytess = memstream.ToArray();
}
System.IO.File.WriteAllBytes("dumps/dump_i" + rnd.Next(1, 2000000000).ToString() + ".txt", bytes);
System.IO.File.WriteAllBytes("dumps/dump_i" + rnd.Next(1, 2000000000).ToString() + ".txt", bytess);
Thread.Sleep(200);
LogWrite("226 Transfer complete!\r\n", sw, hostname, perip);
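Review bot: In the first hunk, `sr.ReadLine()` has no length limit, so the 128-character cap the removed loop applied is gone and a client that never sends a line terminator can make this thread buffer without bound. The same lines also fail on disconnect, because `ReadLine()` returns null at end of stream (assuming `sr` is a `StreamReader`) and `answ.Split(' ')` then throws. The `answ.Replace(...)` result is discarded, so the verb is never upper-cased, and assigning it would also rewrite an argument equal to the verb, as in `user user`. I would read with an explicit cap, treat end of stream as a closed connection, and upper-case only the first token with `ToUpperInvariant`, as sketched below. The `while (client.Connected)` loop and `Main` continue outside the hunk, so the `break` assumes nothing after the loop needs the half-read command.

```csharp
// Bounded read: stop at LF, and give up on EOF or once the line passes 128 characters.
string answ = "";
int ch;
while ((ch = sr.Read()) != -1 && ch != '\n' && answ.Length <= 128)
{
    answ += (char)ch;
}
if (ch == -1 || answ.Length > 128)
{
    client.Close();
    break; // leave the while (client.Connected) loop
}
answ = answ.Trim(); // drops the CR that precedes the LF
int sp = answ.IndexOf(' ');
answ = sp < 0 ? answ.ToUpperInvariant() : answ.Substring(0, sp).ToUpperInvariant() + answ.Substring(sp);
// … unchanged: command processing …
```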
14 changes: 4 additions & 10 deletions CHANGELOG.txt
@@ -1,12 +1,6 @@
--> IT ONLY CONTAINS THE MOST RECENT CHANGES!

v0.3.0:
- Toggleable anonymous logins
- Per-IP logs (create "iplogs" folder)
- Max connections per second and max active connections are now changeable
- Buffer size can now be changed (def.8192)
- Fixed lower-case command handling
- Final attempt to fix an encoding bug related to outputting control characters
- Changeable bantime
- Toggleable ban on big amount of errors (a.k.a some sort of service probe)
- Moved default config to Resources
v0.3.1:
- Fixed AllowAnonymous handling (oops)
- One more attempt to fix encoding break on some characters (only affects console)
- Fixed improper handling of incoming data on base socket (a.k.a base socket thread overuse fix)
