Disallow invalid numeric mode values for SITE CHMOD.

Earlier, a decimal number (e.g., 890) could be passed for mode, leading to dangerous permissions set: -1, that is, 07777. Obtained from: OpenBSD MFC after: 1 week
2002-08-05 14:10:57 +00:00 · 2002-08-05 14:10:57 +00:00 · c452fbe11c
commit c452fbe11c
parent 255a70376b
1 changed files with 2 additions and 3 deletions
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@ -647,9 +647,8 @@ cmd
 	| SITE SP CHMOD check_login_ro SP octal_number SP pathname CRLF
 		{
 			if ($4 && ($8 != NULL)) {
-				if ($6 > 0777)
-					reply(501,
-				"CHMOD: Mode value must be between 0 and 0777");
+				if (($6 == -1 ) || ($6 > 0777))
+					reply(501, "Bad mode value");
 				else if (chmod($8, $6) < 0)
 					perror_reply(550, $8);
 				else