diff options
author | Anatol Belski <ab@php.net> | 2016-08-16 13:08:24 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-08-17 13:44:47 +0200 |
commit | 4dd455c6d28064f3d56ec2c928c37ff3ac6f38b8 (patch) | |
tree | 18c72e64655e8e55d82bb92c8102c7a88732eab4 | |
parent | 52f58eeaec9708b9a41694a9326992f8bcf3b86b (diff) | |
download | php-git-4dd455c6d28064f3d56ec2c928c37ff3ac6f38b8.tar.gz |
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103)
Conflicts:
ext/standard/ftp_fopen_wrapper.c
(cherry picked from commit e5b0952be2d7c93bdf491d99f50a14df46c30cd2)
-rw-r--r-- | ext/standard/ftp_fopen_wrapper.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c index 10dcdb8006..a28b6c14b1 100644 --- a/ext/standard/ftp_fopen_wrapper.c +++ b/ext/standard/ftp_fopen_wrapper.c @@ -187,7 +187,8 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char /* get the response */ result = GET_FTP_RESULT(stream); if (result != 334) { - use_ssl = 0; + php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS."); + goto connect_errexit; } else { /* we must reuse the old SSL session id */ /* if we talk to an old ftpd-ssl */ @@ -707,7 +708,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat if (result > 299 || result < 200) goto opendir_errexit; - // tmp_line isn't relevant after the php_fopen_do_pasv(). + // tmp_line isn't relevant after the php_fopen_do_pasv(). tmp_line[0] = '\0'; /* set up the passive connection */ @@ -735,7 +736,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat php_stream_wrapper_log_error(wrapper, options, "Unable to activate SSL mode"); php_stream_close(datastream); datastream = NULL; - goto opendir_errexit; + goto opendir_errexit; } |