Nmap Development mailing list archives
[PATCH] Cut down buffer size in ftp_anon_connect()
From: Kris Katterjohn <kjak () ispwest com>
Date: Tue, 07 Mar 2006 21:43:39 -0600
The attached patch cuts down the size of the 'command' buffer in ftp_anon_connect() from 512 to 270. ftp->user can hold 64 bytes and ftp->pass can hold 256, so 270 will hold "PASS [ftp->pass]\r\n" with a few extra bytes in there. It also uses sizeof in snprintf() instead of just a number.

Thanks,
Kris Katterjohn
--- nmap.cc.orig 2006-03-07 21:27:50.000000000 -0600 +++ nmap.cc 2006-03-07 21:28:56.000000000 -0600 @@ -2004,7 +2004,7 @@ int ftp_anon_connect(struct ftpinfo *ftp struct sockaddr_in sock; int res; char recvbuf[2048]; - char command[512]; + char command[270]; if (o.verbose || o.debugging) log_write(LOG_STDOUT, "Attempting connection to ftp://%s:%s@%s:%i\n", ftp->user, ftp->pass, @@ -2034,7 +2034,7 @@ int ftp_anon_connect(struct ftpinfo *ftp exit(1); } - snprintf(command, 511, "USER %s\r\n", ftp->user); + snprintf(command, sizeof command - 1, "USER %s\r\n", ftp->user); send(sd, command, strlen(command), 0); res = recvtime(sd, recvbuf, sizeof(recvbuf) - 1,12, NULL); @@ -2050,7 +2050,7 @@ int ftp_anon_connect(struct ftpinfo *ftp exit(1); } - snprintf(command, 511, "PASS %s\r\n", ftp->pass); + snprintf(command, sizeof command - 1, "PASS %s\r\n", ftp->pass); send(sd, command, strlen(command), 0); res = recvtime(sd, recvbuf, sizeof(recvbuf) - 1,12, NULL);
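Review bot: `char command[270];` in the first hunk is a bare number whose justification exists only in the message text; nothing at the declaration ties it to the 256-byte ftp->pass field it is sized for, so a later change to that field would make the PASS command truncate with no hint at this line. Suggest a comment at the declaration stating the arithmetic ("PASS " plus the password plus "\r\n" plus the terminator), or deriving the size from the field itself if pass is an array member of struct ftpinfo.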
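Review bot: in the USER hunk, `sizeof command - 1` carries over the off-by-one from the old `511`. snprintf() already counts the terminating NUL within its size argument, so `sizeof command` is the correct bound and the `- 1` only gives away a byte of a buffer that now has very little slack. Writing it as `sizeof(command)` would also match the `sizeof(recvbuf) - 1` style used on the recvtime() call two lines later.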
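Review bot: the PASS hunk still ignores snprintf()'s return value, and the send() that follows uses strlen(command), so a password that does not fit would go out as a truncated command with no trailing "\r\n" and no error. With the buffer reduced to 270 the margin over a 256-byte ftp->pass is only a few bytes; suggest comparing the return value against sizeof command and bailing out before send() when it indicates truncation. The same check applies to the USER call above.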