[FFmpeg-cvslog] avformat/ftp: do not break protocol on username or password with newlines
Marton Balint
git at videolan.org
Sat Feb 15 20:27:06 EET 2020
ffmpeg | branch: master | Marton Balint <cus at passwd.hu> | Thu Feb 6 00:48:17 2020 +0100| [04f1d49709dac2d0e35f54bbe49cf00ba632e6dd] | committer: Marton Balint
avformat/ftp: do not break protocol on username or password with newlines
Signed-off-by: Marton Balint <cus at passwd.hu>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04f1d49709dac2d0e35f54bbe49cf00ba632e6dd
---
libavformat/ftp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/ftp.c b/libavformat/ftp.c
index 860dd7d8dc..ab7368256c 100644
--- a/libavformat/ftp.c
+++ b/libavformat/ftp.c
@@ -18,6 +18,8 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include <string.h>
+
#include "libavutil/avstring.h"
#include "libavutil/internal.h"
#include "libavutil/parseutils.h"
@@ -246,10 +248,14 @@ static int ftp_auth(FTPContext *s)
static const int user_codes[] = {331, 230, 0};
static const int pass_codes[] = {230, 0};
+ if (strpbrk(s->user, "\r\n"))
+ return AVERROR(EINVAL);
snprintf(buf, sizeof(buf), "USER %s\r\n", s->user);
err = ftp_send_command(s, buf, user_codes, NULL);
if (err == 331) {
if (s->password) {
+ if (strpbrk(s->password, "\r\n"))
+ return AVERROR(EINVAL);
snprintf(buf, sizeof(buf), "PASS %s\r\n", s->password);
err = ftp_send_command(s, buf, pass_codes, NULL);
} else
More information about the ffmpeg-cvslog
mailing list