From 92fb73613dfb53ca230fa88c0585b3c51dc79f9c Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Thu, 14 Oct 2004 09:08:16 +0000
Subject: [PATCH] Reject filenames beginning with '-' (security concern).

---
 src/sbbs3/ftpsrvr.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/sbbs3/ftpsrvr.c b/src/sbbs3/ftpsrvr.c
index ddf1d2c831..e53fbc0fb8 100644
--- a/src/sbbs3/ftpsrvr.c
+++ b/src/sbbs3/ftpsrvr.c
@@ -4123,7 +4123,8 @@ static void ctrl_thread(void* arg)
 					sockprintf(sock,"553 Insufficient access.");
 					continue;
 				}
-				if(strcspn(p,ILLEGAL_FILENAME_CHARS)!=strlen(p)
+				if(*p=='-'
+					|| strcspn(p,ILLEGAL_FILENAME_CHARS)!=strlen(p)
 					|| trashcan(&scfg,p,"file")) {
 					lprintf(LOG_WARNING,"%04d !ILLEGAL FILENAME ATTEMPT by %s: %s"
 						,sock,user.alias,p);
@@ -4649,7 +4650,7 @@ void DLLCALL ftp_server(void* arg)
 			return;
 		}
 
-		lprintf(LOG_DEBUG,"%04d FTP socket opened",server_socket);
+		lprintf(LOG_DEBUG,"%04d FTP Server socket opened",server_socket);
 
 		/*****************************/
 		/* Listen for incoming calls */
@@ -4782,6 +4783,10 @@ void DLLCALL ftp_server(void* arg)
 			served++;
 		}
 
+#ifdef _DEBUG
+		lprintf(LOG_DEBUG,"0000 server_socket: %d",server_socket);
+		lprintf(LOG_DEBUG,"0000 terminate_server: %d",terminate_server);
+#endif
 		if(active_clients) {
 			lprintf(LOG_DEBUG,"0000 Waiting for %d active clients to disconnect...", active_clients);
 			start=time(NULL);
-- 
GitLab