From c452fbe11c533585a8e4cec7d5146feeec70393a Mon Sep 17 00:00:00 2001
From: Yaroslav Tykhiy
Date: Mon, 5 Aug 2002 14:10:57 +0000
Subject: [PATCH] Disallow invalid numeric mode values for SITE CHMOD. Earlier, a decimal number (e.g., 890) could be passed for mode, leading to dangerous permissions set: -1, that is, 07777. Obtained from: OpenBSD MFC after: 1 week
---
 libexec/ftpd/ftpcmd.y | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index d7ffc73ff6c..2284f029fba 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -647,9 +647,8 @@ cmd
 | SITE SP CHMOD check_login_ro SP octal_number SP pathname CRLF
 {
 if ($4 && ($8 != NULL)) {
- if ($6 > 0777)
- reply(501,
- "CHMOD: Mode value must be between 0 and 0777");
+ if (($6 == -1 ) || ($6 > 0777))
+ reply(501, "Bad mode value");
 else if (chmod($8, $6) < 0)
 perror_reply(550, $8);
 else
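Review bot: The new guard `if (($6 == -1 ) || ($6 > 0777))` rejects only the single sentinel -1 on the low side, so any other negative value of `$6` would still reach `chmod($8, $6)`. The `octal_number` rule is defined outside this hunk, so whether it can produce another negative value cannot be confirmed from here. A plain range test, `if ($6 < 0 || $6 > 0777)`, does not depend on that and also removes the stray space before the closing parenthesis. A one-line comment above the test, such as `/* octal_number yields -1 for input with non-octal digits */`, would record why the sentinel matters, going by the commit message. The action body starts before the hunk and continues past its trailing `else`.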