Diffstat (limited to 'nanoftp.c')
-rw-r--r--nanoftp.c53
1 files changed, 36 insertions, 17 deletions
diff --git a/nanoftp.c b/nanoftp.c
index 7fe2095..16e6242 100644
--- a/nanoftp.c
+++ b/nanoftp.c
@@ -355,8 +355,13 @@ xmlNanoFTPScanURL(void *ctx, const char *URL) {
if (cur[0] == '[') {
cur++;
- while (cur[0] != ']')
+ while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1))
buf[indx++] = *cur++;
+ if (indx >= XML_NANO_MAX_URLBUF-1) {
+ xmlGenericError(xmlGenericErrorContext,
+ "\nxmlNanoFTPScanURL: %s", "Syntax Error\n");
+ return;
+ }
if (!strchr (buf, ':')) {
xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanURL: %s",
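Review bot: The bracketed-literal loop in xmlNanoFTPScanURL still has no end-of-string test on `cur`, so a URL with `[` but no closing `]` that is shorter than the buffer makes the copy read past the URL's terminator until the index limit stops it. The condition should also stop at NUL, `while ((cur[0] != 0) && (cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1))`, and the check after the loop should reject any exit where `cur[0] != ']'`. The same loop in xmlNanoFTPScanProxy (second hunk) needs the same change. Both functions start and end outside these hunks, so it cannot be confirmed from here that `buf` is NUL-terminated before `strchr (buf, ':')` runs; that is worth checking.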
@@ -604,8 +609,14 @@ xmlNanoFTPScanProxy(const char *URL) {
if (cur[0] == '[') {
cur++;
- while (cur[0] != ']')
+ while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1))
buf[indx++] = *cur++;
+ if (indx >= XML_NANO_MAX_URLBUF-1) {
+ xmlGenericError (xmlGenericErrorContext,
+ "\nxmlNanoFTPScanProxy: %s", "Syntax error\n");
+ return;
+ }
+
if (!strchr (buf, ':')) {
xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanProxy: %s",
"Use [IPv6]/IPv4 format\n");
@@ -1095,22 +1106,25 @@ xmlNanoFTPConnect(void *ctx) {
if (!tmp) {
if (result)
freeaddrinfo (result);
+ __xmlIOErr(XML_FROM_FTP, 0, "getaddrinfo failed");
+ return (-1);
+ }
+ if (tmp->ai_addrlen > sizeof(ctxt->ftpAddr)) {
+ __xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch");
return (-1);
}
+ if (tmp->ai_family == AF_INET6) {
+ memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
+ ((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port);
+ ctxt->controlFd = socket (AF_INET6, SOCK_STREAM, 0);
+ }
else {
- if (tmp->ai_family == AF_INET6) {
- memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
- ((struct sockaddr_in6 *) &ctxt->ftpAddr)->sin6_port = htons (port);
- ctxt->controlFd = socket (AF_INET6, SOCK_STREAM, 0);
- }
- else {
- memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
- ((struct sockaddr_in *) &ctxt->ftpAddr)->sin_port = htons (port);
- ctxt->controlFd = socket (AF_INET, SOCK_STREAM, 0);
- }
- addrlen = tmp->ai_addrlen;
- freeaddrinfo (result);
+ memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
+ ((struct sockaddr_in *) &ctxt->ftpAddr)->sin_port = htons (port);
+ ctxt->controlFd = socket (AF_INET, SOCK_STREAM, 0);
}
+ addrlen = tmp->ai_addrlen;
+ freeaddrinfo (result);
}
else
#endif
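Review bot: The new `ai_addrlen` check in the getaddrinfo branch returns without releasing `result`, so the address list leaks on that error path, whereas the `!tmp` branch just above frees it. Add `freeaddrinfo (result);` before the `return (-1);` in that block. The message there reads "gethostbyname address mismatch" although this branch uses getaddrinfo; `"getaddrinfo address mismatch"` would point at the right call. xmlNanoFTPConnect starts and continues outside the hunk.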
@@ -1123,10 +1137,15 @@ xmlNanoFTPConnect(void *ctx) {
__xmlIOErr(XML_FROM_FTP, 0, "gethostbyname failed");
return (-1);
}
+ if ((unsigned int) hp->h_length >
+ sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
+ __xmlIOErr(XML_FROM_FTP, 0, "gethostbyname address mismatch");
+ return (-1);
+ }
- /*
- * Prepare the socket
- */
+ /*
+ * Prepare the socket
+ */
((struct sockaddr_in *)&ctxt->ftpAddr)->sin_family = AF_INET;
memcpy (&((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr,
hp->h_addr_list[0], hp->h_length);
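Review bot: The length guard added before the memcpy into `sin_addr` only rejects an `h_length` that is too large. Because `sin_family` is set to AF_INET unconditionally, a shorter `h_length` or a non-IPv4 `h_addrtype` would still be copied and leave `sin_addr` only partly filled. A stricter guard would be `if ((hp->h_addrtype != AF_INET) || ((unsigned int) hp->h_length != sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)))`. A short comment saying that the unsigned cast makes a negative `h_length` fail the check would also help the next reader. The function continues outside the hunk, so whether `ftpAddr` is zeroed beforehand is not visible here.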