Validation of Name header was missing from ftp_chkput, thus still allowing actual putting. --- plugins/ftp.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/plugins/ftp.c b/plugins/ftp.c index 57b187c..b0ef540 100644 --- a/plugins/ftp.c +++ b/plugins/ftp.c @@ -267,6 +267,9 @@ int ftp_chkput(struct obex_session *os, void *user_data) if (name == NULL) return -EBADR; + if (!is_filename(name)) + return -EBADR; + if (obex_get_size(os) == OBJECT_SIZE_DELETE) return 0; -- 1.7.4.1 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
