Attachment #23446 for bug #60230

View | Details | Raw Unified | Return to bug 60230
Collapse All | Expand All

Line Link Here

(-)file_not_specified_in_diff (-220 / +258 lines)
0	-- appl/ftp/ftp/ftp.c	0	++ appl/ftp/ftp/ftp.c
Lines 1741-1748 Link Here
1741	snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);	1741	snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
1742	if (send (fileno (cout), buf, 3, MSG_OOB) != 3)	1742	if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
1743	warn ("abort");	1743	warn ("abort");
1744	fprintf (cout, "%cABOR\r\n", DM);	1744	fprintf (cout, "%c", DM);
1745	fflush (cout);	1745	sec_fprintf(cout, "ABOR");
		1746	sec_fflush (cout);
		1747	fprintf (cout, "\r\n");
		1748	fflush(cout);
1746	FD_ZERO (&mask);	1749	FD_ZERO (&mask);
1747	if (fileno (cin) >= FD_SETSIZE)	1750	if (fileno (cin) >= FD_SETSIZE)
1748	errx (1, "fd too large");	1751	errx (1, "fd too large");
1749	-- appl/ftp/ftpd/extern.h	1752	++ appl/ftp/ftpd/extern.h
Lines 48-54 Link Here
48		48
49	#include <stdio.h>	49	#include <stdio.h>
50	#include <stdarg.h>	50	#include <stdarg.h>
51	#include <setjmp.h>
52	#ifdef HAVE_PWD_H	51	#ifdef HAVE_PWD_H
53	#include <pwd.h>	52	#include <pwd.h>
54	#endif	53	#endif
Lines 129-138 Link Here
129	extern int guest;	128	extern int guest;
130	extern int logging;	129	extern int logging;
131	extern int type;	130	extern int type;
132	extern int oobflag;
133	extern off_t file_size;	131	extern off_t file_size;
134	extern off_t byte_count;	132	extern off_t byte_count;
135	extern jmp_buf urgcatch;
136		133
137	extern int form;	134	extern int form;
138	extern int debug;	135	extern int debug;
Lines 142-148 Link Here
142	extern char hostname[], remotehost[];	139	extern char hostname[], remotehost[];
143	extern char proctitle[];	140	extern char proctitle[];
144	extern int usedefault;	141	extern int usedefault;
145	extern int transflag;
146	extern char tmpline[];	142	extern char tmpline[];
147		143
148	#endif /* _EXTERN_H_ */	144	#endif /* _EXTERN_H_ */
149	-- appl/ftp/ftpd/ftpcmd.y	145	++ appl/ftp/ftpd/ftpcmd.y
Lines 47-56 Link Here
47		47
48	off_t restart_point;	48	off_t restart_point;
49		49
		50	static int hasyyerrored;
		51
		52
50	static int cmd_type;	53	static int cmd_type;
51	static int cmd_form;	54	static int cmd_form;
52	static int cmd_bytesz;	55	static int cmd_bytesz;
53	char cbuf[2048];	56	char cbuf[64*1024];
54	char *fromname;	57	char *fromname;
55		58
56	struct tab {	59	struct tab {
Lines 303-317 Link Here
303	}	306	}
304	\| sTAT CRLF	307	\| sTAT CRLF
305	{	308	{
306	if(oobflag){
307	if (file_size != (off_t) -1)
308	reply(213, "Status: %lu of %lu bytes transferred",
309	(unsigned long)byte_count,
310	(unsigned long)file_size);
311	else
312	reply(213, "Status: %lu bytes transferred",
313	(unsigned long)byte_count);
314	}else
315	statcmd();	309	statcmd();
316	}	310	}
317	\| DELE SP pathname CRLF check_login_no_guest	311	\| DELE SP pathname CRLF check_login_no_guest
Lines 337-349 Link Here
337	}	331	}
338	\| ABOR CRLF	332	\| ABOR CRLF
339	{	333	{
340	if(oobflag){	334	reply(225, "ABOR command successful.");
341	reply(426, "Transfer aborted. Data connection closed.");
342	reply(226, "Abort successful");
343	oobflag = 0;
344	longjmp(urgcatch, 1);
345	}else
346	reply(225, "ABOR command successful.");
347	}	335	}
348	\| CWD CRLF check_login	336	\| CWD CRLF check_login
349	{	337	{
Lines 914-921 Link Here
914		902
915	%%	903	%%
916		904
917	extern jmp_buf errcatch;
918
919	#define CMD 0 /* beginning of command */	905	#define CMD 0 /* beginning of command */
920	#define ARGS 1 /* expect miscellaneous arguments */	906	#define ARGS 1 /* expect miscellaneous arguments */
921	#define STR1 2 /* expect SP followed by STRING */	907	#define STR1 2 /* expect SP followed by STRING */
Lines 1034-1048 Link Here
1034	char *cs;	1020	char *cs;
1035		1021
1036	cs = s;	1022	cs = s;
1037	/* tmpline may contain saved command from urgent mode interruption */	1023
		1024	/* might still be data within the security MIC/CONF/ENC */
1038	if(ftp_command){	1025	if(ftp_command){
1039	strlcpy(s, ftp_command, n);	1026	strlcpy(s, ftp_command, n);
1040	if (debug)	1027	if (debug)
1041	syslog(LOG_DEBUG, "command: %s", s);	1028	syslog(LOG_DEBUG, "command: %s", s);
1042	#ifdef XXX	1029	return s;
1043	fprintf(stderr, "%s\n", s);
1044	#endif
1045	return s;
1046	}	1030	}
1047	while ((c = getc(stdin)) != EOF) {	1031	while ((c = getc(stdin)) != EOF) {
1048	c &= 0377;	1032	c &= 0377;
Lines 1127-1132 Link Here
1127	switch (state) {	1111	switch (state) {
1128		1112
1129	case CMD:	1113	case CMD:
		1114	hasyyerrored = 0;
		1115
1130	signal(SIGALRM, toolong);	1116	signal(SIGALRM, toolong);
1131	alarm((unsigned) ftpd_timeout);	1117	alarm((unsigned) ftpd_timeout);
1132	if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {	1118	if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
Lines 1135-1141 Link Here
1135	}	1121	}
1136	alarm(0);	1122	alarm(0);
1137	#ifdef HAVE_SETPROCTITLE	1123	#ifdef HAVE_SETPROCTITLE
1138	if (strncasecmp(cbuf, "PASS", 4) != NULL)	1124	if (strncasecmp(cbuf, "PASS", 4) != 0)
1139	setproctitle("%s: %s", proctitle, cbuf);	1125	setproctitle("%s: %s", proctitle, cbuf);
1140	#endif /* HAVE_SETPROCTITLE */	1126	#endif /* HAVE_SETPROCTITLE */
1141	if ((cp = strchr(cbuf, '\r'))) {	1127	if ((cp = strchr(cbuf, '\r'))) {
Lines 1154-1161 Link Here
1154	if (p != 0) {	1140	if (p != 0) {
1155	if (p->implemented == 0) {	1141	if (p->implemented == 0) {
1156	nack(p->name);	1142	nack(p->name);
1157	longjmp(errcatch,0);	1143	hasyyerrored = 1;
1158	/* NOTREACHED */	1144	break;
1159	}	1145	}
1160	state = p->state;	1146	state = p->state;
1161	yylval.s = p->name;	1147	yylval.s = p->name;
Lines 1180-1187 Link Here
1180	if (p->implemented == 0) {	1166	if (p->implemented == 0) {
1181	state = CMD;	1167	state = CMD;
1182	nack(p->name);	1168	nack(p->name);
1183	longjmp(errcatch,0);	1169	hasyyerrored = 1;
1184	/* NOTREACHED */	1170	break;
1185	}	1171	}
1186	state = p->state;	1172	state = p->state;
1187	yylval.s = p->name;	1173	yylval.s = p->name;
Lines 1329-1340 Link Here
1329	default:	1315	default:
1330	fatal("Unknown state in scanner.");	1316	fatal("Unknown state in scanner.");
1331	}	1317	}
1332	yyerror((char *) 0);	1318	yyerror(NULL);
1333	state = CMD;	1319	state = CMD;
1334	longjmp(errcatch,0);	1320	return (0);
1335	}	1321	}
1336	}	1322	}
1337		1323
		1324	/* ARGSUSED */
		1325	void
		1326	yyerror(char *s)
		1327	{
		1328	char *cp;
		1329
		1330	if (hasyyerrored)
		1331	return;
		1332
		1333	if ((cp = strchr(cbuf,'\n')))
		1334	*cp = '\0';
		1335	reply(500, "'%s': command not understood.", cbuf);
		1336	hasyyerrored = 1;
		1337	}
		1338
1338	static char *	1339	static char *
1339	copy(char *s)	1340	copy(char *s)
1340	{	1341	{
1341	-- appl/ftp/ftpd/ftpd.8	1342	++ appl/ftp/ftpd/ftpd.8
Lines 48-53 Link Here
48	.Op Fl T Ar maxtimeout	48	.Op Fl T Ar maxtimeout
49	.Op Fl t Ar timeout	49	.Op Fl t Ar timeout
50	.Op Fl -gss-bindings	50	.Op Fl -gss-bindings
		51	.Op Fl I \| Fl -no-insecure-oob
51	.Op Fl u Ar default umask	52	.Op Fl u Ar default umask
52	.Op Fl B \| Fl -builtin-ls	53	.Op Fl B \| Fl -builtin-ls
53	.Op Fl -good-chars= Ns Ar string	54	.Op Fl -good-chars= Ns Ar string
Lines 150-155 Link Here
150	.Fl -good-chars= Ns Ar string	151	.Fl -good-chars= Ns Ar string
151	.Xc	152	.Xc
152	allowed anonymous upload filename chars	153	allowed anonymous upload filename chars
		154	.It Xo
		155	.Fl I
		156	.Fl -no-insecure-oob
		157	.Xc
		158	don't allow insecure out of band.
		159	Heimdal ftp client before 0.7 doesn't support secure oob, so turning
		160	on this options makes them no longer work.
153	.El	161	.El
154	.Pp	162	.Pp
155	The file	163	The file
156	-- appl/ftp/ftpd/ftpd.c	164	++ appl/ftp/ftpd/ftpd.c
Lines 61-68 Link Here
61	struct sockaddr pasv_addr = (struct sockaddr )&pasv_addr_ss;	61	struct sockaddr pasv_addr = (struct sockaddr )&pasv_addr_ss;
62		62
63	int data;	63	int data;
64	jmp_buf errcatch, urgcatch;
65	int oobflag;
66	int logged_in;	64	int logged_in;
67	struct passwd *pw;	65	struct passwd *pw;
68	int debug = 0;	66	int debug = 0;
Lines 78-84 Link Here
78	int mode;	76	int mode;
79	int usedefault = 1; /* for data transfers */	77	int usedefault = 1; /* for data transfers */
80	int pdata = -1; /* for passive mode */	78	int pdata = -1; /* for passive mode */
81	int transflag;	79	int allow_insecure_oob = 1;
		80	static int transflag;
		81	static int urgflag;
82	off_t file_size;	82	off_t file_size;
83	off_t byte_count;	83	off_t byte_count;
84	#if !defined(CMASK) \|\| CMASK == 0	84	#if !defined(CMASK) \|\| CMASK == 0
Lines 134-139 Link Here
134		134
135	static void ack (char *);	135	static void ack (char *);
136	static void myoob (int);	136	static void myoob (int);
		137	static int handleoobcmd(void);
137	static int checkuser (char , char );	138	static int checkuser (char , char );
138	static int checkaccess (char *);	139	static int checkaccess (char *);
139	static FILE dataconn (const char , off_t, const char *);	140	static FILE dataconn (const char , off_t, const char *);
Lines 223-228 Link Here
223	{ NULL, 'v', arg_flag, &debug, "enable debugging" },	224	{ NULL, 'v', arg_flag, &debug, "enable debugging" },
224	{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },	225	{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
225	{ "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },	226	{ "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },
		227	{ "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" },
226	#ifdef KRB5	228	#ifdef KRB5
227	{ "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL},	229	{ "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL},
228	#endif	230	#endif
Lines 429-435 Link Here
429	#endif	431	#endif
430	);	432	);
431		433
432	setjmp(errcatch);
433	for (;;)	434	for (;;)
434	yyparse();	435	yyparse();
435	/* NOTREACHED */	436	/* NOTREACHED */
Lines 1364-1378 Link Here
1364	static char *buf;	1365	static char *buf;
1365	static size_t bufsize;	1366	static size_t bufsize;
1366		1367
1367	transflag++;	1368	transflag = 1;
1368	if (setjmp(urgcatch)) {
1369	transflag = 0;
1370	return;
1371	}
1372	switch (type) {	1369	switch (type) {
1373		1370
1374	case TYPE_A:	1371	case TYPE_A:
1375	while ((c = getc(instr)) != EOF) {	1372	while ((c = getc(instr)) != EOF) {
		1373	if (urgflag && handleoobcmd())
		1374	return;
1376	byte_count++;	1375	byte_count++;
1377	if(c == '\n')	1376	if(c == '\n')
1378	sec_putc('\r', outstr);	1377	sec_putc('\r', outstr);
Lines 1380-1385 Link Here
1380	}	1379	}
1381	sec_fflush(outstr);	1380	sec_fflush(outstr);
1382	transflag = 0;	1381	transflag = 0;
		1382	urgflag = 0;
1383	if (ferror(instr))	1383	if (ferror(instr))
1384	goto file_err;	1384	goto file_err;
1385	if (ferror(outstr))	1385	if (ferror(outstr))
Lines 1389-1394 Link Here
1389		1389
1390	case TYPE_I:	1390	case TYPE_I:
1391	case TYPE_L:	1391	case TYPE_L:
		1392	#if 0 /* XXX handle urg flag */
1392	#if defined(HAVE_MMAP) && !defined(NO_MMAP)	1393	#if defined(HAVE_MMAP) && !defined(NO_MMAP)
1393	#ifndef MAP_FAILED	1394	#ifndef MAP_FAILED
1394	#define MAP_FAILED (-1)	1395	#define MAP_FAILED (-1)
Lines 1412-1421 Link Here
1412	sec_fflush(outstr);	1413	sec_fflush(outstr);
1413	byte_count = cnt;	1414	byte_count = cnt;
1414	transflag = 0;	1415	transflag = 0;
		1416	urgflag = 0;
1415	}	1417	}
1416	}	1418	}
1417	}	1419	}
1418	#endif	1420	#endif
		1421	#endif
1419	if(transflag) {	1422	if(transflag) {
1420	struct stat st;	1423	struct stat st;
1421		1424
Lines 1425-1438 Link Here
1425	fstat(filefd, &st) >= 0 ? &st : NULL);	1428	fstat(filefd, &st) >= 0 ? &st : NULL);
1426	if (buf == NULL) {	1429	if (buf == NULL) {
1427	transflag = 0;	1430	transflag = 0;
		1431	urgflag = 0;
1428	perror_reply(451, "Local resource failure: malloc");	1432	perror_reply(451, "Local resource failure: malloc");
1429	return;	1433	return;
1430	}	1434	}
1431	while ((cnt = read(filefd, buf, bufsize)) > 0 &&	1435	while ((cnt = read(filefd, buf, bufsize)) > 0 &&
1432	sec_write(netfd, buf, cnt) == cnt)	1436	sec_write(netfd, buf, cnt) == cnt) {
1433	byte_count += cnt;	1437	byte_count += cnt;
		1438	if (urgflag && handleoobcmd())
		1439	return;
		1440	}
1434	sec_fflush(outstr); /* to end an encrypted stream */	1441	sec_fflush(outstr); /* to end an encrypted stream */
1435	transflag = 0;	1442	transflag = 0;
		1443	urgflag = 0;
1436	if (cnt != 0) {	1444	if (cnt != 0) {
1437	if (cnt < 0)	1445	if (cnt < 0)
1438	goto file_err;	1446	goto file_err;
Lines 1443-1459 Link Here
1443	return;	1451	return;
1444	default:	1452	default:
1445	transflag = 0;	1453	transflag = 0;
		1454	urgflag = 0;
1446	reply(550, "Unimplemented TYPE %d in send_data", type);	1455	reply(550, "Unimplemented TYPE %d in send_data", type);
1447	return;	1456	return;
1448	}	1457	}
1449		1458
1450	data_err:	1459	data_err:
1451	transflag = 0;	1460	transflag = 0;
		1461	urgflag = 0;
1452	perror_reply(426, "Data connection");	1462	perror_reply(426, "Data connection");
1453	return;	1463	return;
1454		1464
1455	file_err:	1465	file_err:
1456	transflag = 0;	1466	transflag = 0;
		1467	urgflag = 0;
1457	perror_reply(551, "Error on input file");	1468	perror_reply(551, "Error on input file");
1458	}	1469	}
1459		1470
Lines 1471-1486 Link Here
1471	static size_t bufsize;	1482	static size_t bufsize;
1472	struct stat st;	1483	struct stat st;
1473		1484
1474	transflag++;	1485	transflag = 1;
1475	if (setjmp(urgcatch)) {
1476	transflag = 0;
1477	return (-1);
1478	}
1479		1486
1480	buf = alloc_buffer (buf, &bufsize,	1487	buf = alloc_buffer (buf, &bufsize,
1481	fstat(fileno(outstr), &st) >= 0 ? &st : NULL);	1488	fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
1482	if (buf == NULL) {	1489	if (buf == NULL) {
1483	transflag = 0;	1490	transflag = 0;
		1491	urgflag = 0;
1484	perror_reply(451, "Local resource failure: malloc");	1492	perror_reply(451, "Local resource failure: malloc");
1485	return -1;	1493	return -1;
1486	}	1494	}
Lines 1493-1507 Link Here
1493	if (write(fileno(outstr), buf, cnt) != cnt)	1501	if (write(fileno(outstr), buf, cnt) != cnt)
1494	goto file_err;	1502	goto file_err;
1495	byte_count += cnt;	1503	byte_count += cnt;
		1504	if (urgflag && handleoobcmd())
		1505	return (-1);
1496	}	1506	}
1497	if (cnt < 0)	1507	if (cnt < 0)
1498	goto data_err;	1508	goto data_err;
1499	transflag = 0;	1509	transflag = 0;
		1510	urgflag = 0;
1500	return (0);	1511	return (0);
1501		1512
1502	case TYPE_E:	1513	case TYPE_E:
1503	reply(553, "TYPE E not implemented.");	1514	reply(553, "TYPE E not implemented.");
1504	transflag = 0;	1515	transflag = 0;
		1516	urgflag = 0;
1505	return (-1);	1517	return (-1);
1506		1518
1507	case TYPE_A:	1519	case TYPE_A:
Lines 1511-1516 Link Here
1511	while ((cnt = sec_read(fileno(instr),	1523	while ((cnt = sec_read(fileno(instr),
1512	buf + cr_flag,	1524	buf + cr_flag,
1513	bufsize - cr_flag)) > 0){	1525	bufsize - cr_flag)) > 0){
		1526	if (urgflag && handleoobcmd())
		1527	return (-1);
1514	byte_count += cnt;	1528	byte_count += cnt;
1515	cnt += cr_flag;	1529	cnt += cr_flag;
1516	cr_flag = 0;	1530	cr_flag = 0;
Lines 1542-1547 Link Here
1542	if (ferror(outstr))	1556	if (ferror(outstr))
1543	goto file_err;	1557	goto file_err;
1544	transflag = 0;	1558	transflag = 0;
		1559	urgflag = 0;
1545	if (bare_lfs) {	1560	if (bare_lfs) {
1546	lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"	1561	lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
1547	" File may not have transferred correctly.\r\n",	1562	" File may not have transferred correctly.\r\n",
Lines 1552-1567 Link Here
1552	default:	1567	default:
1553	reply(550, "Unimplemented TYPE %d in receive_data", type);	1568	reply(550, "Unimplemented TYPE %d in receive_data", type);
1554	transflag = 0;	1569	transflag = 0;
		1570	urgflag = 0;
1555	return (-1);	1571	return (-1);
1556	}	1572	}
1557		1573
1558	data_err:	1574	data_err:
1559	transflag = 0;	1575	transflag = 0;
		1576	urgflag = 0;
1560	perror_reply(426, "Data Connection");	1577	perror_reply(426, "Data Connection");
1561	return (-1);	1578	return (-1);
1562		1579
1563	file_err:	1580	file_err:
1564	transflag = 0;	1581	transflag = 0;
		1582	urgflag = 0;
1565	perror_reply(452, "Error writing file");	1583	perror_reply(452, "Error writing file");
1566	return (-1);	1584	return (-1);
1567	}	1585	}
Lines 1731-1747 Link Here
1731	reply(502, "%s command not implemented.", s);	1749	reply(502, "%s command not implemented.", s);
1732	}	1750	}
1733		1751
1734	/* ARGSUSED */
1735	void
1736	yyerror(char *s)
1737	{
1738	char *cp;
1739
1740	if ((cp = strchr(cbuf,'\n')))
1741	*cp = '\0';
1742	reply(500, "'%s': command not understood.", cbuf);
1743	}
1744
1745	void	1752	void
1746	do_delete(char *name)	1753	do_delete(char *name)
1747	{	1754	{
Lines 1880-1885 Link Here
1880	dologout(int status)	1887	dologout(int status)
1881	{	1888	{
1882	transflag = 0;	1889	transflag = 0;
		1890	urgflag = 0;
1883	if (logged_in) {	1891	if (logged_in) {
1884	seteuid((uid_t)0);	1892	seteuid((uid_t)0);
1885	ftpd_logwtmp(ttyline, "", "");	1893	ftpd_logwtmp(ttyline, "", "");
Lines 1897-1947 Link Here
1897		1905
1898	void abor(void)	1906	void abor(void)
1899	{	1907	{
		1908	if (!transflag)
		1909	return;
		1910	reply(426, "Transfer aborted. Data connection closed.");
		1911	reply(226, "Abort successful");
		1912	transflag = 0;
1900	}	1913	}
1901		1914
1902	static void	1915	static void
1903	myoob(int signo)	1916	myoob(int signo)
1904	{	1917	{
1905	#if 0	1918	urgflag = 1;
		1919	}
		1920
		1921	static char *
		1922	mec_space(char *p)
		1923	{
		1924	while(isspace((unsigned char )p))
		1925	p++;
		1926	return p;
		1927	}
		1928
		1929	static int
		1930	handleoobcmd(void)
		1931	{
1906	char *cp;	1932	char *cp;
1907	#endif
1908		1933
1909	/* only process if transfer occurring */	1934	/* only process if transfer occurring */
1910	if (!transflag)	1935	if (!transflag)
1911	return;	1936	return 0;
1912		1937
1913	/* This is all XXX */	1938	urgflag = 0;
1914	oobflag = 1;
1915	/* if the command resulted in a new command,
1916	parse that as well */
1917	do{
1918	yyparse();
1919	} while(ftp_command);
1920	oobflag = 0;
1921		1939
1922	#if 0
1923	cp = tmpline;	1940	cp = tmpline;
1924	if (ftpd_getline(cp, 7) == NULL) {	1941	if (ftpd_getline(cp, sizeof(tmpline)) == NULL) {
1925	reply(221, "You could at least say goodbye.");	1942	reply(221, "You could at least say goodbye.");
1926	dologout(0);	1943	dologout(0);
1927	}	1944	}
1928	upper(cp);	1945
1929	if (strcmp(cp, "ABOR\r\n") == 0) {	1946	if (strncasecmp("MIC", cp, 3) == 0) {
1930	tmpline[0] = '\0';	1947	mec(mec_space(cp + 3), prot_safe);
1931	reply(426, "Transfer aborted. Data connection closed.");	1948	} else if (strncasecmp("CONF", cp, 4) == 0) {
1932	reply(226, "Abort successful");	1949	mec(mec_space(cp + 4), prot_confidential);
1933	longjmp(urgcatch, 1);	1950	} else if (strncasecmp("ENC", cp, 3) == 0) {
		1951	mec(mec_space(cp + 3), prot_private);
		1952	} else if (!allow_insecure_oob) {
		1953	reply(533, "Command protection level denied "
		1954	"for paranoid reasons.");
		1955	goto out;
1934	}	1956	}
1935	if (strcmp(cp, "STAT\r\n") == 0) {	1957
		1958	if (secure_command())
		1959	cp = ftp_command;
		1960
		1961	if (strcasecmp(cp, "ABOR\r\n") == 0) {
		1962	abor();
		1963	} else if (strcasecmp(cp, "STAT\r\n") == 0) {
1936	if (file_size != (off_t) -1)	1964	if (file_size != (off_t) -1)
1937	reply(213, "Status: %ld of %ld bytes transferred",	1965	reply(213, "Status: %ld of %ld bytes transferred",
1938	(long)byte_count,	1966	(long)byte_count,
1939	(long)file_size);	1967	(long)file_size);
1940	else	1968	else
1941	reply(213, "Status: %ld bytes transferred"	1969	reply(213, "Status: %ld bytes transferred",
1942	(long)byte_count);	1970	(long)byte_count);
1943	}	1971	}
1944	#endif	1972	out:
		1973	return (transflag == 0);
1945	}	1974	}
1946		1975
1947	/*	1976	/*
Lines 2184-2322 Link Here
2184	void	2213	void
2185	send_file_list(char *whichf)	2214	send_file_list(char *whichf)
2186	{	2215	{
2187	struct stat st;	2216	struct stat st;
2188	DIR *dirp = NULL;	2217	DIR *dirp = NULL;
2189	struct dirent *dir;	2218	struct dirent *dir;
2190	FILE *dout = NULL;	2219	FILE *dout = NULL;
2191	char *dirlist, dirname;	2220	char *dirlist, dirname;
2192	int simple = 0;	2221	int simple = 0;
2193	int freeglob = 0;	2222	int freeglob = 0;
2194	glob_t gl;	2223	glob_t gl;
2195	char buf[MaxPathLen];	2224	char buf[MaxPathLen];
2196		2225
2197	if (strpbrk(whichf, "~{[*?") != NULL) {	2226	if (strpbrk(whichf, "~{[*?") != NULL) {
2198	int flags = GLOB_BRACE\|GLOB_NOCHECK\|GLOB_QUOTE\|GLOB_TILDE\|	2227	int flags = GLOB_BRACE\|GLOB_NOCHECK\|GLOB_QUOTE\|GLOB_TILDE\|
2199	#ifdef GLOB_MAXPATH	2228	#ifdef GLOB_MAXPATH
2200	GLOB_MAXPATH	2229	GLOB_MAXPATH
2201	#else	2230	#else
2202	GLOB_LIMIT	2231	GLOB_LIMIT
2203	#endif	2232	#endif
2204	;	2233	;
2205
2206	memset(&gl, 0, sizeof(gl));
2207	freeglob = 1;
2208	if (glob(whichf, flags, 0, &gl)) {
2209	reply(550, "not found");
2210	goto out;
2211	} else if (gl.gl_pathc == 0) {
2212	errno = ENOENT;
2213	perror_reply(550, whichf);
2214	goto out;
2215	}
2216	dirlist = gl.gl_pathv;
2217	} else {
2218	onefile[0] = whichf;
2219	dirlist = onefile;
2220	simple = 1;
2221	}
2222		2234
2223	if (setjmp(urgcatch)) {	2235	memset(&gl, 0, sizeof(gl));
2224	transflag = 0;	2236	freeglob = 1;
2225	goto out;	2237	if (glob(whichf, flags, 0, &gl)) {
2226	}	2238	reply(550, "not found");
2227	while ((dirname = *dirlist++)) {	2239	goto out;
2228	if (stat(dirname, &st) < 0) {	2240	} else if (gl.gl_pathc == 0) {
2229	/*	2241	errno = ENOENT;
2230	* If user typed "ls -l", etc, and the client	2242	perror_reply(550, whichf);
2231	* used NLST, do what the user meant.	2243	goto out;
2232	*/	2244	}
2233	if (dirname[0] == '-' && *dirlist == NULL &&	2245	dirlist = gl.gl_pathv;
2234	transflag == 0) {	2246	} else {
2235	list_file(dirname);	2247	onefile[0] = whichf;
2236	goto out;	2248	dirlist = onefile;
2237	}	2249	simple = 1;
2238	perror_reply(550, whichf);
2239	if (dout != NULL) {
2240	fclose(dout);
2241	transflag = 0;
2242	data = -1;
2243	pdata = -1;
2244	}
2245	goto out;
2246	}	2250	}
2247		2251
2248	if (S_ISREG(st.st_mode)) {	2252	while ((dirname = *dirlist++)) {
2249	if (dout == NULL) {	2253
2250	dout = dataconn("file list", (off_t)-1, "w");	2254	if (urgflag && handleoobcmd())
2251	if (dout == NULL)	2255	goto out;
2252	goto out;	2256
2253	transflag++;	2257	if (stat(dirname, &st) < 0) {
2254	}	2258	/*
2255	snprintf(buf, sizeof(buf), "%s%s\n", dirname,	2259	* If user typed "ls -l", etc, and the client
2256	type == TYPE_A ? "\r" : "");	2260	* used NLST, do what the user meant.
2257	sec_write(fileno(dout), buf, strlen(buf));	2261	*/
2258	byte_count += strlen(dirname) + 1;	2262	if (dirname[0] == '-' && *dirlist == NULL &&
2259	continue;	2263	transflag == 0) {
2260	} else if (!S_ISDIR(st.st_mode))	2264	list_file(dirname);
2261	continue;	2265	goto out;
2262		2266	}
2263	if ((dirp = opendir(dirname)) == NULL)	2267	perror_reply(550, whichf);
2264	continue;
2265
2266	while ((dir = readdir(dirp)) != NULL) {
2267	char nbuf[MaxPathLen];
2268
2269	if (!strcmp(dir->d_name, "."))
2270	continue;
2271	if (!strcmp(dir->d_name, ".."))
2272	continue;
2273
2274	snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
2275
2276	/*
2277	* We have to do a stat to insure it's
2278	* not a directory or special file.
2279	*/
2280	if (simple \|\| (stat(nbuf, &st) == 0 &&
2281	S_ISREG(st.st_mode))) {
2282	if (dout == NULL) {
2283	dout = dataconn("file list", (off_t)-1, "w");
2284	if (dout == NULL)
2285	goto out;	2268	goto out;
2286	transflag++;
2287	}	2269	}
2288	if(strncmp(nbuf, "./", 2) == 0)	2270
2289	snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,	2271	if (S_ISREG(st.st_mode)) {
2290	type == TYPE_A ? "\r" : "");	2272	if (dout == NULL) {
2291	else	2273	dout = dataconn("file list", (off_t)-1, "w");
2292	snprintf(buf, sizeof(buf), "%s%s\n", nbuf,	2274	if (dout == NULL)
2293	type == TYPE_A ? "\r" : "");	2275	goto out;
2294	sec_write(fileno(dout), buf, strlen(buf));	2276	transflag = 1;
2295	byte_count += strlen(nbuf) + 1;	2277	}
2296	}	2278	snprintf(buf, sizeof(buf), "%s%s\n", dirname,
		2279	type == TYPE_A ? "\r" : "");
		2280	sec_write(fileno(dout), buf, strlen(buf));
		2281	byte_count += strlen(dirname) + 1;
		2282	continue;
		2283	} else if (!S_ISDIR(st.st_mode))
		2284	continue;
		2285
		2286	if ((dirp = opendir(dirname)) == NULL)
		2287	continue;
		2288
		2289	while ((dir = readdir(dirp)) != NULL) {
		2290	char nbuf[MaxPathLen];
		2291
		2292	if (urgflag && handleoobcmd())
		2293	goto out;
		2294
		2295	if (!strcmp(dir->d_name, "."))
		2296	continue;
		2297	if (!strcmp(dir->d_name, ".."))
		2298	continue;
		2299
		2300	snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
		2301
		2302	/*
		2303	* We have to do a stat to insure it's
		2304	* not a directory or special file.
		2305	*/
		2306	if (simple \|\| (stat(nbuf, &st) == 0 &&
		2307	S_ISREG(st.st_mode))) {
		2308	if (dout == NULL) {
		2309	dout = dataconn("file list", (off_t)-1, "w");
		2310	if (dout == NULL)
		2311	goto out;
		2312	transflag = 1;
		2313	}
		2314	if(strncmp(nbuf, "./", 2) == 0)
		2315	snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
		2316	type == TYPE_A ? "\r" : "");
		2317	else
		2318	snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
		2319	type == TYPE_A ? "\r" : "");
		2320	sec_write(fileno(dout), buf, strlen(buf));
		2321	byte_count += strlen(nbuf) + 1;
		2322	}
		2323	}
		2324	closedir(dirp);
2297	}	2325	}
2298	closedir(dirp);	2326	if (dout == NULL)
2299	}	2327	reply(550, "No files found.");
2300	if (dout == NULL)	2328	else if (ferror(dout) != 0)
2301	reply(550, "No files found.");	2329	perror_reply(550, "Data connection");
2302	else if (ferror(dout) != 0)	2330	else
2303	perror_reply(550, "Data connection");	2331	reply(226, "Transfer complete.");
2304	else	2332
2305	reply(226, "Transfer complete.");
2306
2307	transflag = 0;
2308	if (dout != NULL){
2309	sec_write(fileno(dout), buf, 0); /* XXX flush */
2310
2311	fclose(dout);
2312	}
2313	data = -1;
2314	pdata = -1;
2315	out:	2333	out:
2316	if (freeglob) {	2334	transflag = 0;
2317	freeglob = 0;	2335	if (dout != NULL){
2318	globfree(&gl);	2336	sec_write(fileno(dout), buf, 0); /* XXX flush */
2319	}	2337
		2338	fclose(dout);
		2339	}
		2340	data = -1;
		2341	pdata = -1;
		2342	if (freeglob) {
		2343	freeglob = 0;
		2344	globfree(&gl);
		2345	}
2320	}	2346	}
2321		2347
2322		2348
2323	-- appl/ftp/ftpd/ftpd.cat8	2349	++ appl/ftp/ftpd/ftpd.cat8
Lines 6-13 Link Here
6		6
7	SSYYNNOOPPSSIISS	7	SSYYNNOOPPSSIISS
8	ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt	8	ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
9	_t_i_m_e_o_u_t] [----ggssss--bbiinnddiinnggss] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB \| ----bbuuiillttiinn--llss]	9	_t_i_m_e_o_u_t] [----ggssss--bbiinnddiinnggss] [--II \| ----nnoo--iinnsseeccuurree--oooobb] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB
10	[----ggoooodd--cchhaarrss==_s_t_r_i_n_g]	10	\| ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
11		11
12	DDEESSCCRRIIPPTTIIOONN	12	DDEESSCCRRIIPPTTIIOONN
13	FFttppdd is the Internet File Transfer Protocol server process. The server	13	FFttppdd is the Internet File Transfer Protocol server process. The server
Lines 82-87 Link Here
82	----ggoooodd--cchhaarrss==_s_t_r_i_n_g	82	----ggoooodd--cchhaarrss==_s_t_r_i_n_g
83	allowed anonymous upload filename chars	83	allowed anonymous upload filename chars
84		84
		85	--II ----nnoo--iinnsseeccuurree--oooobb
		86	don't allow insecure out of band. Heimdal ftp client before 0.7
		87	doesn't support secure oob, so turning on this options makes them
		88	no longer work.
		89
85	The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-	90	The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
86	ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,	91	ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
87	ffttppdd prints it before issuing the ``ready'' message. If the file	92	ffttppdd prints it before issuing the ``ready'' message. If the file
88	-- appl/ftp/ftpd/ftpd_locl.h	93	++ appl/ftp/ftpd/ftpd_locl.h
Lines 111-117 Link Here
111	#ifdef HAVE_PWD_H	111	#ifdef HAVE_PWD_H
112	#include <pwd.h>	112	#include <pwd.h>
113	#endif	113	#endif
114	#include <setjmp.h>
115	#include <signal.h>	114	#include <signal.h>
116	#include <stdio.h>	115	#include <stdio.h>
117	#include <stdlib.h>	116	#include <stdlib.h>

Return to bug 60230