Open luojiaqs opened 5 years ago
I'm learning the FTP protocol, found some bugs, and am just making a note here, don't mind ^ ^
ftp_pwd
The size of result is not properly controlled, which causes a stack overflow
```c
void ftp_pwd(Command *cmd, State *state)
{
  if(state->logged_in){
    char cwd[BSIZE];//size 1024
    char result[BSIZE];//size 1024
    memset(result, 0, BSIZE);
    if(getcwd(cwd,BSIZE)!=NULL){
      strcat(result,"257 \"");//size 5
      strcat(result,cwd); // maybe size 1024
      strcat(result,"\"\n");//size 2
      //result size max == 5 + 1024 +2
      state->message = result;
    }else{
      state->message = "550 Failed to get pwd.\n";
    }
    write_state(state);
  }
```
ftp_mkd
Same problem as ftp_pwd: strcat stack overflow
```c
if(mkdir(cmd->arg,S_IRWXU)==0){
  strcat(res,"257 \"");
  strcat(res,cmd->arg);
  strcat(res,"\" new directory created.\n");
  state->message = res;
```
Using sprintf with %s can also cause a stack overflow when len(cwd)+len(cmd->arg)>1024
```c
sprintf(res,"257 \"%s/%s\" new directory created.\n",cwd,cmd->arg);
```
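A bounded way to build the two replies discussed in this issue, as an added example that is not part of the original post or the project's code. The helper names, the `demo_reply` buffer, the `/srv/ftp` path and the "550 Path too long." text are assumptions made for illustration; the point is checking the `snprintf` return value and sending an error reply when the result would not fit.

```c
#include <stdio.h>
#include <string.h>

#define BSIZE 1024               /* buffer size quoted in the issue */
static char demo_reply[BSIZE];   /* stands in for the reply buffer */

/* Hypothetical helper: build the PWD reply; returns -1 if it would not fit. */
int build_pwd_reply(char *out, size_t outsz, const char *cwd)
{
    int n = snprintf(out, outsz, "257 \"%s\"\n", cwd);
    if (n < 0 || (size_t)n >= outsz) {      /* reply was truncated */
        snprintf(out, outsz, "550 Failed to get pwd.\n");
        return -1;
    }
    return 0;
}

/* Hypothetical helper: build the MKD reply from cwd and the client argument. */
int build_mkd_reply(char *out, size_t outsz, const char *cwd, const char *arg)
{
    int n = snprintf(out, outsz, "257 \"%s/%s\" new directory created.\n", cwd, arg);
    if (n < 0 || (size_t)n >= outsz) {
        snprintf(out, outsz, "550 Path too long.\n");  /* constructed error text */
        return -1;
    }
    return 0;
}

/* Constructed input: a 2047-byte MKD argument, larger than the reply buffer. */
int demo_oversized_mkd(void)
{
    static char arg[2 * BSIZE];
    memset(arg, 'A', sizeof arg - 1);
    arg[sizeof arg - 1] = '\0';
    return build_mkd_reply(demo_reply, sizeof demo_reply, "/srv/ftp", arg);
}

int main(void)
{
    build_pwd_reply(demo_reply, sizeof demo_reply, "/srv/ftp");
    fputs(demo_reply, stdout);
    printf("oversized MKD -> %d: ", demo_oversized_mkd());
    fputs(demo_reply, stdout);
    return 0;
}
```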