Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack

(cherry picked from commit f9c2edb4dbc01a817989b70ca7726f177bb1a103) Conflicts: ext/standard/ftp_fopen_wrapper.c
2024-09-23 02:47:26 +00:00 · 2016-08-16 13:08:24 +02:00 · 2016-08-16 13:08:24 +02:00 · e5b0952be2
commit e5b0952be2
parent a47df5be19
1 changed files with 4 additions and 3 deletions
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@ -187,7 +187,8 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
 			/* get the response */
 			result = GET_FTP_RESULT(stream);
 			if (result != 334) {
-				use_ssl = 0;
+				php_stream_wrapper_log_error(wrapper, options, "Server doesn't support FTPS.");
+				goto connect_errexit;
 			} else {
 				/* we must reuse the old SSL session id */
 				/* if we talk to an old ftpd-ssl */