$OpenBSD: patch-kioslave_ftp_ftp_cc,v 1.6 2017/04/19 13:21:49 espie Exp $
--- kioslave/ftp/ftp.cc.orig	Tue Aug 19 20:18:12 2008
+++ kioslave/ftp/ftp.cc	Tue Apr 18 16:21:50 2017
@@ -757,6 +757,14 @@ bool Ftp::ftpSendCmd( const QCString& cmd, int maxretr
     return false;
   }
 
+  if ( cmd.find( '\r' ) != -1 || cmd.find( '\n' ) != -1)
+  {
+    kdWarning(7102) << "Invalid command received (contains CR or LF): "
+                    << cmd.data() << endl;
+    error( ERR_UNSUPPORTED_ACTION, m_host );
+    return false;
+  }
+
   // Don't print out the password...
   bool isPassCmd = (cmd.left(4).lower() == "pass");
   if ( !isPassCmd )
@@ -876,7 +884,7 @@ int Ftp::ftpOpenPASVDataConnection()
   // The usual answer is '227 Entering Passive Mode. (160,39,200,55,6,245)'
   // but anonftpd gives '227 =160,39,200,55,6,245'
   int i[6];
-  char *start = strchr(ftpResponse(3), '(');
+  const char *start = strchr(ftpResponse(3), '(');
   if ( !start )
     start = strchr(ftpResponse(3), '=');
   if ( !start ||
@@ -931,7 +939,7 @@ int Ftp::ftpOpenEPSVDataConnection()
     return ERR_INTERNAL;
   }
 
-  char *start = strchr(ftpResponse(3), '|');
+  const char *start = strchr(ftpResponse(3), '|');
   if ( !start || sscanf(start, "|||%d|", &portnum) != 1)
     return ERR_INTERNAL;
 
