/* Get the response of FTP server and allocate enough room to handle
it. <CR> and <LF> characters are stripped from the line, and the
line is 0-terminated. All the response lines but the last one are
- skipped. The last line is determined as described in RFC959. */
+ skipped. The last line is determined as described in RFC959.
+
+ If the line is successfully read, FTPOK is returned, and *ret_line
+ is assigned a freshly allocated line. Otherwise, FTPRERR is
+ returned, and the value of *ret_line should be ignored. */
uerr_t
ftp_response (int fd, char **ret_line)
{
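Review bot: The new contract says only that `*ret_line` "should be ignored" on FTPRERR, which leaves open whether the function may already have stored something there. The caller hunks later in this patch (every site reduced to `if (err != FTPOK) return err;`, and the ones that keep `fd_close (*local_sock)` or `*size = 0`) now depend on it never holding an allocation on failure, otherwise the line leaks. I would state that explicitly in the comment, e.g. "On failure *ret_line is not modified and nothing is allocated", or have the function begin with `*ret_line = NULL;` so the caller's variable never keeps a stale pointer from an earlier `xfree (respline)`. The body of ftp_response lies outside this hunk, so its actual failure behaviour cannot be confirmed from here.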
char *res;
if (value)
- res = concat_strings (command, " ", value, "\r\n", (char *) 0);
+ {
+ /* Check for newlines in VALUE (possibly injected by the %0A URL
+ escape) making the callers inadvertently send multiple FTP
+ commands at once. Without this check an attacker could
+ intentionally redirect to ftp://server/fakedir%0Acommand.../
+ and execute arbitrary FTP command on a remote FTP server. */
+ if (strpbrk (value, "\r\n"))
+ {
+ /* Copy VALUE to the stack and modify CR/LF to space. */
+ char *defanged, *p;
+ STRDUP_ALLOCA (defanged, value);
+ for (p = defanged; *p; p++)
+ if (*p == '\r' || *p == '\n')
+ *p = ' ';
+ DEBUGP (("\nDetected newlines in %s \"%s\"; changing to %s \"%s\"\n",
+ command, escnonprint (value), command, escnonprint (defanged)));
+ /* Make VALUE point to the defanged copy of the string. */
+ value = defanged;
+ }
+ res = concat_strings (command, " ", value, "\r\n", (char *) 0);
+ }
else
res = concat_strings (command, "\r\n", (char *) 0);
if (opt.server_response)
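Review bot: The CR/LF rewrite is reported only through `DEBUGP`, so in a normal run a URL that tried to carry a second FTP command is silently turned into a different argument and still sent to the server. A space-substituted path is never what the user asked for, so I would log it at a level the user sees or fail the request instead of sending it. Separately, `STRDUP_ALLOCA (defanged, value)` places a copy on the stack whose length is set by the URL (possibly a redirect target, per the comment); a heap copy released right after `concat_strings` would keep stack use bounded. The enclosing function starts and ends outside this hunk, so the error codes available for a rejection path are not visible here.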
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
/* An unprobable possibility of logging without a password. */
if (*respline == '2')
{
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '3')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
/* Get appropriate respone. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
*size = 0;
return err;
}