Hi,
this applies to woody as well. Attached you can find the backported upstream
patch against 2.2.2. BTW, this is CAN-2004-1165.
Cheers,
Moritz
diff -Naur kdelibs-2.2.2.orig/kio/ftp/ftp.cc kdelibs-2.2.2/kio/ftp/ftp.cc
--- kdelibs-2.2.2.orig/kio/ftp/ftp.cc Wed Jan 5 12:29:07 2005
+++ kdelibs-2.2.2/kio/ftp/ftp.cc Wed Jan 5 12:28:25 2005
@@ -596,6 +596,14 @@
{
assert( sControl > 0 );
+ if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
+ {
+ kdWarning(7102) << "Invalid command received (contains CR or LF): "
+ << cmd.data() << endl;
+ error( ERR_UNSUPPORTED_ACTION, m_host );
+ return false;
+ }
+
QCString buf = cmd;
buf += "\r\n";
