add paranoid check for PORT and EPRT, make it default

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25330 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-15 22:18:25 +00:00
parent 16b76d5cc0
commit 29fc07df5b
2 changed files with 26 additions and 3 deletions
--- a/appl/ftp/ftpd/ftpcmd.y
+++ b/appl/ftp/ftpd/ftpcmd.y
@@ -150,15 +150,26 @@ cmd
 		    memset ($3, 0, strlen($3));
 		    free($3);
 		}
+
 	| PORT SP host_port CRLF check_secure
 		{
 		    if ($5) {
-			usedefault = 0;
-			if (pdata >= 0) {
+			if (paranoid &&
+			    (data_dest->sa_family != AF_INET ||
+			     (ntohs(data_dest->sin_port) < IPPORT_RESERVED) ||
+			     memcmp(data_dest->sin_addr,
+				    &his_addr->sin_addr,
+				    sizeof(data_dest.sin_addr)) != 0)) {
+			    usedefault = 1;
+			    reply(500, "Illegal PORT range rejected.");			    
+			} else {
+			    usedefault = 0;
+			    if (pdata >= 0) {
 				close(pdata);
 				pdata = -1;
+			    }
+			    reply(200, "PORT command successful.");
 			}
-			reply(200, "PORT command successful.");
 		    }
 		}
 	| EPRT SP STRING CRLF check_secure