From 2db39860cfe8bee874a98f8f842f204ddd6c195b Mon Sep 17 00:00:00 2001
From: Nick Sayer <nsayer@FreeBSD.org>
Date: Thu, 25 May 2000 19:30:18 +0000
Subject: [PATCH] 1. Add IPv6 portrange restriction code (-U flag) to
 passive().

2. Add portrange restriction code (for both v4 and v6) to the EPSV
processing stuff.
---
 libexec/ftpd/ftpd.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 7030a93a7ec3..deea1b9ae8d5 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -2345,6 +2345,16 @@ passive()
 		    goto pasv_error;
 	}
 #endif
+#ifdef IPV6_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET6) {
+	    int on = restricted_data_ports ? IPV6_PORTRANGE_HIGH
+					   : IPV6_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IPV6, IPV6_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif
 
 	pasv_addr = ctrl_addr;
 	pasv_addr.su_port = 0;
@@ -2438,6 +2448,27 @@ long_passive(cmd, pf)
 	pasv_addr.su_port = 0;
 	len = pasv_addr.su_len;
 
+#ifdef IP_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET) {
+	    int on = restricted_data_ports ? IP_PORTRANGE_HIGH
+					   : IP_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IP, IP_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif
+#ifdef IPV6_PORTRANGE
+	if (ctrl_addr.su_family == AF_INET6) {
+	    int on = restricted_data_ports ? IPV6_PORTRANGE_HIGH
+					   : IPV6_PORTRANGE_DEFAULT;
+
+	    if (setsockopt(pdata, IPPROTO_IPV6, IPV6_PORTRANGE,
+			    (char *)&on, sizeof(on)) < 0)
+		    goto pasv_error;
+	}
+#endif
+
 	if (bind(pdata, (struct sockaddr *)&pasv_addr, len) < 0)
 		goto pasv_error;