server or be a vector for sending out unsolicited email. http://www.kde.org/info/security/advisory-20050101-1.txt Bump PKGREVISION.
$NetBSD: patch-aq,v 1.7 2005/01/05 10:36:23 markd Exp $
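--- kioslave/ftp/ftp.cc.orig 2004-10-03 20:40:52.000000000 +1300
+++ kioslave/ftp/ftp.cc
@@ -751,6 +751,14 @@ bool Ftp::ftpSendCmd( const QCString& cm
 {
 assert(m_control != NULL); // must have control connection socket
 
+ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
+ {
+ kdWarning(7102) << "Invalid command received (contains CR or LF): "
+ << cmd.data() << endl;
+ error( ERR_UNSUPPORTED_ACTION, m_host );
+ return false;
+ }
+
 // Don't print out the password...
 bool isPassCmd = (cmd.left(4).lower() == "pass");
 if ( !isPassCmd )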
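Review bot: The new warning in ftpSendCmd writes the rejected command verbatim with `cmd.data()`, and it runs before the `isPassCmd` check a few lines below that exists to keep passwords out of the output, so a PASS command rejected for containing CR or LF would have its password written to the log. The logged text also carries the raw CR/LF bytes, so whoever supplied the command can split the warning into extra, forged-looking log lines. I would drop the payload from the message, `kdWarning(7102) << "Invalid command received (contains CR or LF)" << endl;`, or move the check below the `isPassCmd` computation and log the command only when it is not a PASS command. The rest of ftpSendCmd lies outside the hunk, so whether callers already filter these bytes before reaching this point cannot be seen from here.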