|
Line
Link Here
|
| 0 |
-- lib/protocols.c |
0 |
++ lib/protocols.c |
|
Lines 1610-1616
Link Here
|
| 1610 |
int |
1610 |
int |
| 1611 |
gftp_parse_ls (gftp_request * request, const char *lsoutput, gftp_file * fle) |
1611 |
gftp_parse_ls (gftp_request * request, const char *lsoutput, gftp_file * fle) |
| 1612 |
{ |
1612 |
{ |
| 1613 |
char *str, *endpos, tmpchar; |
1613 |
char *str, *endpos, tmpchar, *safename; |
| 1614 |
int result, is_vms; |
1614 |
int result, is_vms; |
| 1615 |
size_t len; |
1615 |
size_t len; |
| 1616 |
|
1616 |
|
|
Lines 1677-1682
Link Here
|
| 1677 |
} |
1677 |
} |
| 1678 |
g_free (str); |
1678 |
g_free (str); |
| 1679 |
|
1679 |
|
|
|
1680 |
if ((safename = strrchr (fle->file, '/'))) |
| 1681 |
{ |
| 1682 |
printf ("ALERT: Directory traversal attack attempt from FTP server.\nWill sanitize file name \"%s\".\n", fle->file); |
| 1683 |
while (1) |
| 1684 |
{ |
| 1685 |
*safename = '_'; |
| 1686 |
if (!(safename = strrchr (fle->file, '/'))) |
| 1687 |
break; |
| 1688 |
} |
| 1689 |
} |
| 1690 |
|
| 1680 |
if (fle->attribs == NULL) |
1691 |
if (fle->attribs == NULL) |
| 1681 |
return (result); |
1692 |
return (result); |
| 1682 |
|
1693 |
|