Diffstat (limited to 'nanoftp.c')
-rw-r--r-- | nanoftp.c | 53 |
1 files changed, 36 insertions, 17 deletions
@@ -355,8 +355,13 @@ xmlNanoFTPScanURL(void *ctx, const char *URL) { if (cur[0] == '[') { cur++; - while (cur[0] != ']') + while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1)) buf[indx++] = *cur++; + if (indx >= XML_NANO_MAX_URLBUF-1) { + xmlGenericError(xmlGenericErrorContext, + "\nxmlNanoFTPScanURL: %s", "Syntax Error\n"); + return; + } if (!strchr (buf, ':')) { xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanURL: %s", @@ -604,8 +609,14 @@ xmlNanoFTPScanProxy(const char *URL) { if (cur[0] == '[') { cur++; - while (cur[0] != ']') + while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1)) buf[indx++] = *cur++; + if (indx >= XML_NANO_MAX_URLBUF-1) { + xmlGenericError (xmlGenericErrorContext, + "\nxmlNanoFTPScanProxy: %s", "Syntax error\n"); + return; + } + if (!strchr (buf, ':')) { xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanProxy: %s", "Use [IPv6]/IPv4 format\n"); 
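Review bot: The bounded loop in xmlNanoFTPScanURL still has no check for the end of the URL string, so a URL with `[` and no closing `]` makes `*cur++` read past the terminator until the index limit is reached. Adding the terminator test to the condition, `while ((cur[0] != ']') && (cur[0] != 0) && (indx < XML_NANO_MAX_URLBUF-1))`, and treating `cur[0] != ']'` after the loop as the syntax error would cover both the over-long and the unterminated case. The same loop in the xmlNanoFTPScanProxy hunk needs the same change. The visible lines also call `strchr (buf, ':')` without writing a terminator at `buf[indx]` first; unless buf is zeroed outside the hunk, that should be `buf[indx] = 0;` before the call. Both function bodies start and end outside the hunks.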
@@ -1095,22 +1106,25 @@ xmlNanoFTPConnect(void *ctx) { if (!tmp) { if (result) freeaddrinfo (result); + __xmlIOErr(XML_FROM_FTP, 0, "getaddrinfo failed"); + return (-1); + } + if (tmp->ai_addrlen > sizeof(ctxt->ftpAddr)) { + __xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch"); return (-1); } + if (tmp->ai_family == AF_INET6) { + memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen); + ((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port); + ctxt->controlFd = socket (AF_INET6, SOCK_STREAM, 0); + } else { - if (tmp->ai_family == AF_INET6) { - memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen); - ((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port); - ctxt->controlFd = socket (AF_INET6, SOCK_STREAM, 0); - } - else { - memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen); - ((struct sockaddr_in *) &ctxt->ftpAddr)->sin_port = htons (port); - ctxt->controlFd = socket (AF_INET, SOCK_STREAM, 0); - } - addrlen = tmp->ai_addrlen; - freeaddrinfo (result); + memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen); + ((struct sockaddr_in *) &ctxt->ftpAddr)->sin_port = htons (port); + ctxt->controlFd = socket (AF_INET, SOCK_STREAM, 0); } + addrlen = tmp->ai_addrlen; + freeaddrinfo (result); } else #endif @@ -1123,10 +1137,15 @@ xmlNanoFTPConnect(void *ctx) { __xmlIOErr(XML_FROM_FTP, 0, "gethostbyname failed"); return (-1); } + if ((unsigned int) hp->h_length > + sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) { + __xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch"); + return (-1); + } - /* - * Prepare the socket - */ + /* + * Prepare the socket + */ ((struct sockaddr_in *)&ctxt->ftpAddr)->sin_family = AF_INET; memcpy (&((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr, hp->h_addr_list[0], hp->h_length); |
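Review bot: The new `ai_addrlen` check in the getaddrinfo branch of xmlNanoFTPConnect returns without calling `freeaddrinfo (result)`, so the address list leaks on that error path, while the `!tmp` path just above does free it. Add `freeaddrinfo (result);` before the `__xmlIOErr` call in that block. The message there reads "gethostbyname address mismatch" although this branch used getaddrinfo; `"getaddrinfo address mismatch"` would make the log say which resolver rejected the address. The function body starts and ends outside the hunk.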