diff mbox series

[FFmpeg-devel,11/12] avformat/ftp: do not break protocol on username or password with newlines

Message ID 20200208211823.31345-11-cus@passwd.hu
State Accepted
Headers show
Series [FFmpeg-devel,01/12] avformat/tests/url: make format more readable | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Marton Balint Feb. 8, 2020, 9:18 p.m. UTC 
Signed-off-by: Marton Balint <cus@passwd.hu>
---
 libavformat/ftp.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/ftp.c b/libavformat/ftp.c
index 860dd7d8dc..ab7368256c 100644
--- a/libavformat/ftp.c
+++ b/libavformat/ftp.c
@@ -18,6 +18,8 @@ 
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <string.h>
+
 #include "libavutil/avstring.h"
 #include "libavutil/internal.h"
 #include "libavutil/parseutils.h"
@@ -246,10 +248,14 @@  static int ftp_auth(FTPContext *s)
     static const int user_codes[] = {331, 230, 0};
     static const int pass_codes[] = {230, 0};
 
+    if (strpbrk(s->user, "\r\n"))
+        return AVERROR(EINVAL);
     snprintf(buf, sizeof(buf), "USER %s\r\n", s->user);
     err = ftp_send_command(s, buf, user_codes, NULL);
     if (err == 331) {
         if (s->password) {
+            if (strpbrk(s->password, "\r\n"))
+                return AVERROR(EINVAL);
             snprintf(buf, sizeof(buf), "PASS %s\r\n", s->password);
             err = ftp_send_command(s, buf, pass_codes, NULL);
         } else