From 46604fcc5c02ac0e523cf0881066cf868ca1dfab Mon Sep 17 00:00:00 2001 From: Joel Sherrill Date: Mon, 4 Apr 2011 17:08:47 +0000 Subject: 2011-04-04 Sebastien Bourdeauducq PR 1722/networking * ftpd/ftpd.c: FTPD fails to parse correctly FTP commands relating to filenames with spaces in them. --- cpukit/ChangeLog | 6 ++++++ cpukit/ftpd/ftpd.c | 39 +++++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 18 deletions(-) (limited to 'cpukit') diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog index 4f6f247f8f..ded8e1125d 100644 --- a/cpukit/ChangeLog +++ b/cpukit/ChangeLog @@ -1,3 +1,9 @@ +2011-04-04 Sebastien Bourdeauducq + + PR 1722/networking + * ftpd/ftpd.c: FTPD fails to parse correctly FTP commands relating to + filenames with spaces in them. + 2011-03-14 Chris Johns PR 1757/filesystem diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c index f6895754ca..b0f22c480c 100644 --- a/cpukit/ftpd/ftpd.c +++ b/cpukit/ftpd/ftpd.c @@ -15,6 +15,10 @@ * * Changes: * + * 2010-12-02 Sebastien Bourdeauducq + * + * * Support spaces in filenames + * * 2001-01-31 Sergei Organov * * * Hacks with current dir and root dir removed in favor of new libio @@ -1680,27 +1684,27 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) } else if (!strcmp("RETR", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_retrieve(info, fname); } else if (!strcmp("STOR", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_store(info, fname); } else if (!strcmp("LIST", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_list(info, fname, 1); } else if (!strcmp("NLST", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_list(info, fname, 0); } else if (!strcmp("MDTM", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_mdtm(info, fname); } else if (!strcmp("SYST", cmd)) @@ -1736,7 +1740,7 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) send_reply(info, 550, "Access denied."); } else if ( - 1 == sscanf(args, "%254s", fname) && + strncpy(fname, args, 254) && unlink(fname) == 0) { send_reply(info, 257, "DELE successful."); @@ -1758,15 +1762,14 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) { send_reply(info, 550, "Access denied."); } - else if( - 2 == sscanf(args, "%o %254s", &mask, fname) && - chmod(fname, (mode_t)mask) == 0) - { - send_reply(info, 257, "CHMOD successful."); - } - else - { - send_reply(info, 550, "CHMOD failed."); + else { + char *c; + c = strchr(args, ' '); + if((c != NULL) && (sscanf(args, "%o", &mask) == 1) && strncpy(fname, c+1, 254) + && (chmod(fname, (mode_t)mask) == 0)) + send_reply(info, 257, "CHMOD successful."); + else + send_reply(info, 550, "CHMOD failed."); } } else @@ -1779,7 +1782,7 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) send_reply(info, 550, "Access denied."); } else if ( - 1 == sscanf(args, "%254s", fname) && + strncpy(fname, args, 254) && rmdir(fname) == 0) { send_reply(info, 257, "RMD successful."); @@ -1796,7 +1799,7 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) send_reply(info, 550, "Access denied."); } else if ( - 1 == sscanf(args, "%254s", fname) && + strncpy(fname, args, 254) && mkdir(fname, S_IRWXU | S_IRWXG | S_IRWXO) == 0) { send_reply(info, 257, "MKD successful."); @@ -1808,7 +1811,7 @@ exec_command(FTPD_SessionInfo_t *info, char* cmd, char* args) } else if (!strcmp("CWD", cmd)) { - sscanf(args, "%254s", fname); + strncpy(fname, args, 254); command_cwd(info, fname); } else if (!strcmp("CDUP", cmd)) -- cgit v1.2.3