From 060510ba8bfba7a59908fb5aa99aa8d17d6882c8 Mon Sep 17 00:00:00 2001
From: Gordon Tetlow
Date: Tue, 24 Aug 2021 11:00:47 -0700
Subject: [PATCH] Fix libfetch out of bounds read.

Approved by: so
Security: SA-21:15.libfetch
Security: CVE-2021-36159
---
 lib/libfetch/ftp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/libfetch/ftp.c b/lib/libfetch/ftp.c
index 9a546f3feca..dfde6edce73 100644
--- a/lib/libfetch/ftp.c
+++ b/lib/libfetch/ftp.c
@@ -704,8 +704,11 @@ ftp_transfer(conn_t *conn, const char *oper, const char *file,
 goto ouch;
 }
 l = (e == FTP_PASSIVE_MODE ? 6 : 21);
- for (i = 0; *p && i < l; i++, p++)
+ for (i = 0; *p && i < l; i++, p++) {
 addr[i] = strtol(p, &p, 10);
+ if (*p == '\0' && i < l - 1)
+ break;
+ }
 if (i < l) {
 e = FTP_PROTOCOL_ERROR;
 goto ouch;
--
2.45.0
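Review bot: The added break only fires while `i < l - 1`, so when the reply string ends directly after the last expected number (`i == l - 1`) the loop still executes `p++` past the terminator and then evaluates `*p` before `i < l` in the loop condition, reading one byte beyond the NUL. Testing the bound first, `for (i = 0; i < l && *p; i++, p++) {`, removes that read without changing which replies are accepted; whether the extra byte lies outside the reply buffer depends on code not shown in this hunk. Separately, the value returned by `strtol(p, &p, 10)` is stored in `addr[i]` with no check that any digits were consumed or that it fits an octet (0–255), so a malformed server reply can yield zero or, depending on the type of `addr`, truncated address bytes instead of `FTP_PROTOCOL_ERROR`. `ftp_transfer` begins and ends outside this hunk, so the declaration of `addr` and any later use of `p` should be checked against the full function.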