[VIM] FileZilla DoS issues - questions, answers, more questions

Ferdy Riphagen f.riphagen at nsec.nl
Sat Dec 16 08:55:30 EST 2006

Steven M. Christey wrote:
> 7) The best changes are here:
>   http://filezilla.cvs.sourceforge.net/filezilla/FileZilla%20Server/source/ControlSocket.cpp?r1=1.129&r2=1.130
>   http://filezilla.cvs.sourceforge.net/filezilla/FileZilla%20Server/source/ControlSocket.cpp?r1=1.129&r2=1.130
>   You can see how it's resetting a ".pasv" value, and in some places
>   also calls CPermissions::DestroyDirlisting and a break if there's no
>   socket... which it didn't do previously.  Lines 1054, 1767 emphasize
>   this.  Each of these changes occur within a check for
>   "(!m_transferstatus.socket)".  Before this code was inserted, a null
>   dereference probably would have happened in the next few lines of
>   code, since m_transferstatus.socket is assumed to be non-null.
>   This is the kind of behavior you'd expect from a malformed PORT
>   command, because no socket would be created.
Steve I think you hit it right there.....

This will *NOT* throw an exception
PORT 127,0,0,1,55,10
STOR & (or NLST & or LIST &)

Changing PORT to example:
"PORT 127,0,0,1,55" (PORT < 5) or
"PORT ,,,,,," or 127,0,0,1,260,10" (PORT > 65535)
will all generate an exception with the added STOR/NLST and LIST


More information about the VIM mailing list