Nmap Development mailing list archives

[PATCH] Cut down buffer size in ftp_anon_connect()


From: Kris Katterjohn <kjak () ispwest com>
Date: Tue, 07 Mar 2006 21:43:39 -0600

The attached patch cuts down the size of the 'command' buffer in
ftp_anon_connect() from 512 to 270. ftp->user can hold 64 bytes and ftp->pass
can hold 256, so 270 will hold "PASS [ftp->pass]\r\n" with a few extra bytes
in there. It also uses sizeof in snprintf() instead of just a number.

Thanks,
Kris Katterjohn
--- nmap.cc.orig        2006-03-07 21:27:50.000000000 -0600
+++ nmap.cc     2006-03-07 21:28:56.000000000 -0600
@@ -2004,7 +2004,7 @@ int ftp_anon_connect(struct ftpinfo *ftp
   struct sockaddr_in sock;
   int res;
   char recvbuf[2048];
-  char command[512];
+  char command[270];
 
   if (o.verbose || o.debugging) 
     log_write(LOG_STDOUT, "Attempting connection to ftp://%s:%s@%s:%i\n";, ftp->user, ftp->pass,
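Review bot: 270 on the `+  char command[270];` line is a magic number whose derivation (64-byte user, 256-byte pass, plus "PASS " and CRLF) lives only in the cover note; if the ftpinfo field sizes change later, nothing in this function will flag that the buffer is now too small. Consider sizing it from the struct, e.g. `char command[sizeof(ftp->pass) + 8];`, or at minimum put the arithmetic in a comment next to the declaration.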
@@ -2034,7 +2034,7 @@ int ftp_anon_connect(struct ftpinfo *ftp
     exit(1);
   }
 
-  snprintf(command, 511, "USER %s\r\n", ftp->user);
+  snprintf(command, sizeof command - 1, "USER %s\r\n", ftp->user);
 
   send(sd, command, strlen(command), 0);
   res = recvtime(sd, recvbuf, sizeof(recvbuf) - 1,12, NULL);
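Review bot: `sizeof command - 1` on the `+  snprintf(command, sizeof command - 1, "USER %s\r\n", ftp->user);` line is one byte too conservative: snprintf's size argument already accounts for the terminating NUL, so the original `511` against a 512-byte buffer had the same off-by-one and the fix carries it forward. Pass `sizeof(command)` (which also matches the `sizeof(recvbuf)` spelling used two lines below) and let snprintf do the accounting.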
@@ -2050,7 +2050,7 @@ int ftp_anon_connect(struct ftpinfo *ftp
     exit(1);
   }
 
-  snprintf(command, 511, "PASS %s\r\n", ftp->pass);
+  snprintf(command, sizeof command - 1, "PASS %s\r\n", ftp->pass);
 
   send(sd, command, strlen(command), 0);
   res = recvtime(sd, recvbuf, sizeof(recvbuf) - 1,12, NULL);
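Review bot: the return value of snprintf is still discarded on the `+  snprintf(command, sizeof command - 1, "PASS %s\r\n", ftp->pass);` line; with ftp->pass at 256 bytes the 270-byte buffer cannot truncate today, but a wider password field later would silently drop the trailing "\r\n" and send a malformed PASS line. Store the return value and bail out (or log) when it is >= the buffer size before the send(), so the buffer size is checked by the code rather than by the cover note.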


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
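The buffer arithmetic in the cover note, worked through as an added example that is not nmap's code and not part of this thread. It assumes ftp->user and ftp->pass are plain char arrays of 64 and 256 bytes (as the note states), so the longest legal password is 255 characters and the longest "PASS <pass>\r\n" plus NUL is 263 bytes; the struct, the CMD_LEN constant and the build_cmd() and longest_pass_fits() helpers are hypothetical names introduced here. It shows why snprintf's size argument should be the whole buffer rather than sizeof minus one, and how checking the return value catches truncation instead of sending a line with its CRLF cut off.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field sizes, taken from the cover note, not from nmap's headers. */
#define USER_LEN 64
#define PASS_LEN 256
/* "PASS " (5) + longest password (PASS_LEN - 1) + "\r\n" (2) + NUL (1) = 263 */
#define CMD_LEN  (5 + (PASS_LEN - 1) + 2 + 1)

struct ftpinfo {            /* hypothetical stand-in for nmap's struct ftpinfo */
    char user[USER_LEN];
    char pass[PASS_LEN];
};

/* Format "<verb> <arg>\r\n" into out, which holds outsz bytes.
 * Returns the number of characters written (excluding the NUL), or -1 if the
 * command would not fit. snprintf returns the length the full string would
 * have needed, so a result >= outsz means it was truncated; the size passed
 * in is the whole buffer because snprintf already reserves room for the NUL. */
int build_cmd(char *out, size_t outsz, const char *verb, const char *arg)
{
    int n = snprintf(out, outsz, "%s %s\r\n", verb, arg);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';      /* never send a half-formed line missing its CRLF */
        return -1;
    }
    return n;
}

/* Fill the password field with the longest string it can hold (constructed
 * sample input) and try to format it into a buffer of outsz bytes. */
int longest_pass_fits(size_t outsz)
{
    char cmd[CMD_LEN];
    struct ftpinfo ftp;

    if (outsz > sizeof cmd)
        return -1;
    memset(ftp.pass, 'a', PASS_LEN - 1);
    ftp.pass[PASS_LEN - 1] = '\0';
    return build_cmd(cmd, outsz, "PASS", ftp.pass);
}

int main(void)
{
    /* The exact-fit buffer works; shaving one byte off the size, as
     * "sizeof command - 1" does, rejects the longest legal password. */
    printf("sizeof buffer:     %d\n", longest_pass_fits(CMD_LEN));
    printf("sizeof buffer - 1: %d\n", longest_pass_fits(CMD_LEN - 1));
    return 0;
}
```

The off-by-one only bites at the boundary, which is why the 270-byte buffer in the patch hides it: 270 leaves seven spare bytes, so both sizeof and sizeof minus one succeed for every password the struct can hold. Sizing the buffer exactly, as the constant above does, is what makes the mistake visible.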
