Comment 10 for bug 11467

Message-ID: <email address hidden>
Date: Thu, 6 Jan 2005 16:49:21 +0100
From: Martin Schulze <email address hidden>
To: Moritz Muehlenhoff <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: [patch] KDE ftp kioslave applies to woody as well

Moritz Muehlenhoff wrote:
> Hi,
> this applies to woody as well. Attached you can find the backported upstream
> patch against 2.2.2. BTW, this is CAN-2004-1165.
>
> Cheers,
> Moritz

> diff -Naur kdelibs-2.2.2.orig/kio/ftp/ftp.cc kdelibs-2.2.2/kio/ftp/ftp.cc
> --- kdelibs-2.2.2.orig/kio/ftp/ftp.cc Wed Jan 5 12:29:07 2005
> +++ kdelibs-2.2.2/kio/ftp/ftp.cc Wed Jan 5 12:28:25 2005
> @@ -596,6 +596,14 @@
> {
> assert( sControl > 0 );
>
> + if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
> + {
> + kdWarning(7102) << "Invalid command received (contains CR or LF): "
> + << cmd.data() << endl;
> + error( ERR_UNSUPPORTED_ACTION, m_host );
> + return false;
> + }
> +
> QCString buf = cmd;
> buf += "\r\n";

Thanks, that was on my agenda as well. Working on it now.

Please
 . update the package in sid
 . mention the CVE id from the subject in the changelog
 . tell me the version number of the fixed package
 . use priority=high
 . no need to upload into sarge directly, except the version in
   sid is not meant to go into testing

Regards,

 Joey

--
Let's call it an accidental feature. -- Larry Wall