CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: Moritz Jodeit <moritz_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Fri, 12 Sep 2008 10:12:08 -0600 (MDT)
CVSROOT: /cvs
Module name: src
Changes by: moritz_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2008/09/12 10:12:08
Modified files:
libexec/ftpd : extern.h ftpcmd.y ftpd.c
Log message:
Don't split large commands into multiple commands on a 512-byte
boundary but just fail on them. This prevents CSRF-like attacks,
when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib_(_at_)_securityreason_(_dot_)_com>.
ok millert@ martynas@
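
The difference the log message describes, as an added example that is not the ftpd code from this commit: a simplified command reader over an in-memory buffer, where `strict` selects between splitting at the 512-byte boundary and failing on the whole line. The names `conn`, `read_cmd` and `demo`, and the NOOP input, are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512   /* the 512-byte boundary from the log message */
struct conn { const char *data; size_t len, pos; };  /* stands in for the control socket */

static int next_byte(struct conn *c)
{
    return c->pos < c->len ? (unsigned char)c->data[c->pos++] : -1;
}

/* Returns 1 = line in buf, 0 = end of input, -1 = line too long (strict only,
 * rest of the line discarded). With strict == 0 an over-long line comes back in
 * CMD_MAX-1 byte pieces, so its tail looks like a fresh command on the next call. */
static int read_cmd(struct conn *c, char *buf, int strict)
{
    size_t n = 0;
    int ch;
    while ((ch = next_byte(c)) != -1) {
        buf[n++] = (char)ch;
        if (ch == '\n')
            break;
        if (n == CMD_MAX - 1) {
            if (!strict)
                break;                  /* split here, tail stays queued */
            while ((ch = next_byte(c)) != -1 && ch != '\n')
                ;                       /* drain to end of line */
            return -1;                  /* caller answers with an error */
        }
    }
    buf[n] = '\0';
    return n > 0;
}

/* Constructed input: 511 bytes of padding followed by "NOOP", then a real NOOP
 * line. Returns how many lines would be parsed as a NOOP command. */
static int demo(int strict)
{
    char in[CMD_MAX + 32], buf[CMD_MAX];
    int r, hits = 0;
    memset(in, 'A', CMD_MAX - 1);
    strcpy(in + CMD_MAX - 1, "NOOP\r\nNOOP\r\n");
    struct conn c = { in, strlen(in), 0 };
    while ((r = read_cmd(&c, buf, strict)) != 0)
        hits += (r == 1 && strncmp(buf, "NOOP", 4) == 0);
    return hits;
}

int main(void) { printf("split: %d NOOP, strict: %d NOOP\n", demo(0), demo(1)); return 0; }
```

In split mode the tail of the padded line is parsed as a second NOOP; in strict mode the padded line is rejected whole and only the genuine NOOP is parsed.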