From e4f54cfe6681b301fb32b455cb9bbab24d97c0f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 5 Sep 2018 10:32:00 +0300
Subject: [PATCH] libfetch: do not give out user/hostname as ftp anonymous
 password

This is unwanted information disclosure.

Reported-by: Max Justicz <max@justi.cz>
---
 libfetch/ftp.c | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/libfetch/ftp.c b/libfetch/ftp.c
index 6caadf2..80f77d9 100644
--- a/libfetch/ftp.c
+++ b/libfetch/ftp.c
@@ -79,6 +79,7 @@
 
 static int ftp_cmd(conn_t *, const char *, ...) LIBFETCH_PRINTFLIKE(2, 3);
 #define FTP_ANONYMOUS_USER	"anonymous"
+#define FTP_ANONYMOUS_PASSWORD	"anonymous"
 
 #define FTP_CONNECTION_ALREADY_OPEN	125
 #define FTP_OPEN_DATA_CONNECTION	150
@@ -959,9 +960,8 @@ ouch:
 static int
 ftp_authenticate(conn_t *conn, struct url *url, struct url *purl)
 {
-	const char *user, *pwd, *login_name;
-	char pbuf[URL_USERLEN + 1 + URL_HOSTLEN + 1];
-	int e, len;
+	const char *user, *pwd;
+	int e;
 
 	/* XXX FTP_AUTH, and maybe .netrc */
 
@@ -985,18 +985,8 @@ ftp_authenticate(conn_t *conn, struct url *url, struct url *purl)
 		pwd = url->pwd;
 		if (*pwd == '\0')
 			pwd = getenv("FTP_PASSWORD");
-		if (pwd == NULL || *pwd == '\0') {
-			if ((login_name = getlogin()) == 0)
-				login_name = FTP_ANONYMOUS_USER;
-			if ((len = snprintf(pbuf, URL_USERLEN + 2, "%s@", login_name)) < 0)
-				len = 0;
-			else if (len > URL_USERLEN + 1)
-				len = URL_USERLEN + 1;
-			gethostname(pbuf + len, sizeof(pbuf) - len);
-			/* MAXHOSTNAMELEN can differ from URL_HOSTLEN + 1 */
-			pbuf[sizeof(pbuf) - 1] = '\0';
-			pwd = pbuf;
-		}
+		if (pwd == NULL || *pwd == '\0')
+			pwd = FTP_ANONYMOUS_PASSWORD;
 		e = ftp_cmd(conn, "PASS %s\r\n", pwd);
 	}