fix ftp based denial of service attack.

penfold42 · penfold42 · commit 99594b8c64de · 2025-11-21T16:41:13.000+11:00
The autoreboot feature can be abused as you dont need a valid login to trigger the reboot.

This fix will only auto reboot after you quit a logged in session.
diff --git a/src/net/ftpworker.cpp b/src/net/ftpworker.cpp
@@ -1057,7 +1057,15 @@ bool CFTPWorker::RenameTo(const char* pArgs)
 
 bool CFTPWorker::Bye(const char* pArgs)
 {
-	SendStatus(TFTPStatus::ClosingControl, "Goodbye.");
+	if (!CheckLoggedIn())
+	{
+		SendStatus(TFTPStatus::ClosingControl, "Goodbye.");
+		delete m_pControlSocket;
+		m_pControlSocket = nullptr;
+		return true;
+	}
+
+	SendStatus(TFTPStatus::ClosingControl, "Goodbye. Rebooting");
 	delete m_pControlSocket;
 	m_pControlSocket = nullptr;
 
