From 4dd455c6d28064f3d56ec2c928c37ff3ac6f38b8 Mon Sep 17 00:00:00 2001
From: Anatol Belski
Date: Tue, 16 Aug 2016 13:08:24 +0200
Subject: Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103)
Conflicts: ext/standard/ftp_fopen_wrapper.c
(cherry picked from commit e5b0952be2d7c93bdf491d99f50a14df46c30cd2)
---
 ext/standard/ftp_fopen_wrapper.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 10dcdb8006..a28b6c14b1 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -187,7 +187,8 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
 /* get the response */
 result = GET_FTP_RESULT(stream);
 if (result != 334) {
- use_ssl = 0;
+ php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS.");
+ goto connect_errexit;
 } else {
 /* we must reuse the old SSL session id */
 /* if we talk to an old ftpd-ssl */
@@ -707,7 +708,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
 if (result > 299 || result < 200)
 goto opendir_errexit;
- // tmp_line isn't relevant after the php_fopen_do_pasv().
+ // tmp_line isn't relevant after the php_fopen_do_pasv().
 tmp_line[0] = '\0';
 /* set up the passive connection */
@@ -735,7 +736,7 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
 php_stream_wrapper_log_error(wrapper, options, "Unable to activate SSL mode");
 php_stream_close(datastream);
 datastream = NULL;
- goto opendir_errexit;
+ goto opendir_errexit;
 }
-- 
cgit v1.2.1
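Review bot: In the first hunk (php_ftp_fopen_connect), the new `if (result != 334)` branch has no comment recording that aborting is deliberate, so a later compatibility change could quietly bring back the `use_ssl = 0` fallback that allowed the downgrade. I would add above the log call: `/* ftps:// was requested: fail closed instead of continuing in cleartext (bug #72771) */`. The diffstat lists only ftp_fopen_wrapper.c, so the fix appears to ship without a regression test; a test whose stub server answers the negotiation with a reply other than 334 and asserts that the open fails would pin the behaviour. The function body starts and ends outside the hunk, so the `connect_errexit` cleanup path is not visible here.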