authorAnatol Belski <ab@php.net>2016-08-16 13:08:24 +0200
committerAnatol Belski <ab@php.net>2016-08-17 13:44:47 +0200
commit4dd455c6d28064f3d56ec2c928c37ff3ac6f38b8 (patch)
tree18c72e64655e8e55d82bb92c8102c7a88732eab4
parent52f58eeaec9708b9a41694a9326992f8bcf3b86b (diff)
Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103) Conflicts: ext/standard/ftp_fopen_wrapper.c (cherry picked from commit e5b0952be2d7c93bdf491d99f50a14df46c30cd2)
-rw-r--r--ext/standard/ftp_fopen_wrapper.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 10dcdb8006..a28b6c14b1 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -187,7 +187,8 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
/* get the response */
result = GET_FTP_RESULT(stream);
if (result != 334) {
- use_ssl = 0;
+ php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS.");
+ goto connect_errexit;
} else {
/* we must reuse the old SSL session id */
/* if we talk to an old ftpd-ssl */
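Review bot: The new fail-closed branch under `if (result != 334)` carries no comment explaining why the cleartext fallback was removed, and its log message drops the reply code. The AUTH exchange happens before TLS is established, so any non-334 reply, including one altered in transit, lands in this branch; a comment such as `/* AUTH reply is unauthenticated: never fall back to cleartext for ftps:// */` would keep a later maintainer from restoring `use_ssl = 0`. Logging the code as well, e.g. `php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS (AUTH reply %d).", result);` (assuming `result` is an int, as the comparison suggests), would help operators tell a server without FTPS from an unexpected reply when triaging connection failures. php_ftp_fopen_connect starts and ends outside this hunk, so the cleanup performed at `connect_errexit` is not visible here.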
@@ -707,7 +708,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
if (result > 299 || result < 200)
goto opendir_errexit;
- // tmp_line isn't relevant after the php_fopen_do_pasv().
+ // tmp_line isn't relevant after the php_fopen_do_pasv().
tmp_line[0] = '\0';
/* set up the passive connection */
@@ -735,7 +736,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
php_stream_wrapper_log_error(wrapper, options, "Unable to activate SSL mode");
php_stream_close(datastream);
datastream = NULL;
- goto opendir_errexit;
+ goto opendir_errexit;
}