diff options
author | Fritz Elfert <felfert@to.com> | 2002-07-11 17:15:53 +0000 |
---|---|---|
committer | Fritz Elfert <felfert@to.com> | 2002-07-11 17:15:53 +0000 |
commit | b1f7f0c63370d447adb8d1b188beed65777fe232 (patch) | |
tree | ee527ffce62ea19ca8d9c3d7e4f1c7ee1bb331aa /ncpd | |
parent | 6e69acee769a72e39fed628f637ec22589d6832c (diff) | |
download | plptools-b1f7f0c63370d447adb8d1b188beed65777fe232.tar.gz plptools-b1f7f0c63370d447adb8d1b188beed65777fe232.tar.bz2 plptools-b1f7f0c63370d447adb8d1b188beed65777fe232.zip |
- Fixed a possible exploit when using telnet (or any other network
client) connecting to ncpd.
Diffstat (limited to 'ncpd')
-rw-r--r-- | ncpd/socketchan.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ncpd/socketchan.cc b/ncpd/socketchan.cc index 407464a..371befd 100644 --- a/ncpd/socketchan.cc +++ b/ncpd/socketchan.cc @@ -207,6 +207,13 @@ socketPoll() // // All commands begin with "NCP$". + if (memchr(a.getString(), 0, a.getLen()) == 0) { + // Not 0 terminated, -> invalid + cerr << "ncpd: command " << a << " unrecognized." + << endl; + return; + } + // There is a magic process name called "NCP$INFO.*" // which is announced by the rfsvfactory. This causes a // response to be issued containing the NCP version |