--- kdelibs/kioslave/ftp/ftp.cc
+++ kdelibs/kioslave/ftp/ftp.cc
@@ -58,6 +58,7 @@
#include <kmimemagic.h>
#include <kmimetype.h>
#include <ksockaddr.h>
+#include <ksocketaddress.h>
#include <kio/ioslave_defaults.h>
#include <kio/slaveconfig.h>
#include <kremoteencoding.h>
@@ -835,7 +836,6 @@ bool Ftp::ftpSendCmd( const QCString& cm
return true;
}
-
/*
* ftpOpenPASVDataConnection - set up data connection, using PASV mode
*
@@ -853,6 +853,8 @@ int Ftp::ftpOpenPASVDataConnection()
if (sa != NULL && sa->family() != PF_INET)
return ERR_INTERNAL; // no PASV for non-PF_INET connections
+ const KInetSocketAddress *sin = static_cast<const KInetSocketAddress*>(sa);
+
if (m_extControl & pasvUnknown)
return ERR_INTERNAL; // already tried and got "unknown command"
@@ -886,14 +888,17 @@ int Ftp::ftpOpenPASVDataConnection()
}
// Make hostname and port number ...
- QString host;
- host.sprintf("%d.%d.%d.%d", i[0], i[1], i[2], i[3]);
int port = i[4] << 8 | i[5];
+ // we ignore the host part on purpose for two reasons
+ // a) it might be wrong anyway
+ // b) it would make us being suceptible to a port scanning attack
+
// now connect the data socket ...
m_data = new FtpSocket("PASV");
- m_data->setAddress(host, port);
- kdDebug(7102) << "Connecting to " << host << " on port " << port << endl;
+ m_data->setAddress(sin->nodeName(), port);
+
+ kdDebug(7102) << "Connecting to " << sin->nodeName() << " on port " << port << endl;
return m_data->connectSocket(connectTimeout(), false);
}
distrib
>
Mandriva
>
2007.1
>
x86_64
>
media
>
main-updates-src
>
by-pkgid
>
8a53a5778eacd7942443b14192b5daf4
>
files
>
1
