From 8c3cd1e81bf29bb0a21ba3174a672fc85e162233 Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Tue, 30 Oct 2018 11:34:16 +0100
Subject: ftpd: Deal with too long command lines

Update #3530.
---
 cpukit/ftpd/ftpd.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'cpukit/ftpd')

diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c
index eb87612bb5..8aef440a72 100644
--- a/cpukit/ftpd/ftpd.c
+++ b/cpukit/ftpd/ftpd.c
@@ -1908,6 +1908,7 @@ session(rtems_task_argument arg)
       {
         char buf[FTPD_BUFSIZE];
         char *cmd, *opts, *args;
+        size_t len;
 
         if (fgets(buf, FTPD_BUFSIZE, info->ctrl_fp) == NULL)
         {
@@ -1915,6 +1916,25 @@ session(rtems_task_argument arg)
           break;
         }
 
+        len = strlen(buf);
+
+        if (len == 0)
+          continue;
+
+        if (buf[len - 1] != '\n')
+        {
+          send_reply(info, 501, "Command line too long.");
+
+          /*
+           * We could also try to continue here, however, discarding the rest
+           * of the current command line and figuring out when the next command
+           * starts with fgets() is not that easy.  It would be better to avoid
+           * the FILE stream and just use the socket directly with send() and
+           * recv().
+           */
+          break;
+        }
+
         split_command(buf, &cmd, &opts, &args);
 
         if (!strcmp("QUIT", cmd))
-- 
cgit v1.2.3