| Ticket UUID: | 3312900 | |||
| Title: | CWD operation does not perform basic checks | |||
| Type: | Bug | Version: | None | |
| Submitter: | rkeene | Created on: | 2011-06-07 04:26:08 | |
| Subsystem: | ftpd | Assigned To: | andreas_kupries | |
| Priority: | 5 Medium | Severity: | ||
| Status: | Closed | Last Modified: | 2011-08-10 03:50:58 | |
| Resolution: | Fixed | Closed By: | andreas_kupries | |
| Closed on: | 2011-08-09 20:50:58 | |||
| Description: |
CWD operation should check for existence of file (using the filesystem callback "exists" to prevent changing directories to a file)
--- ftpd1.2.5/ftpd.tcl(revision 2177)
+++ ftpd1.2.5/ftpd.tcl(working copy)
@@ -824,7 +824,14 @@
return
}
- set data(cwd) [file join $data(cwd) $relativepath]
+ set path [file join $data(cwd) $relativepath]
+
+ if {[::ftpd::Fs exists $path]} {
+ puts $sock "550 not a directory"
+ return
+ }
+
+ set data(cwd) $path
puts $sock "250 CWD command successful."
return
}
| |||
| User Comments: |
andreas_kupries added on 2011-08-10 03:50:58:
allow_comments - 1 Fixed in CVS head. rkeene added on 2011-06-23 23:03:38: File Added - 415766: ftpd1.2.5-bug3312900.diff rkeene added on 2011-06-23 23:00:22: Patch file attached | |||
Attachments:
- ftpd1.2.5-bug3312900.diff [download] added by rkeene on 2011-06-23 23:03:38. [details]