httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r608680 - in /httpd/mod_ftp/trunk: CHANGES-FTP include/mod_ftp.h modules/ftp/ftp_commands.c modules/ftp/ftp_connection.c
Date Fri, 04 Jan 2008 00:01:20 GMT
Author: wrowe
Date: Thu Jan  3 16:01:18 2008
New Revision: 608680

URL: http://svn.apache.org/viewvc?rev=608680&view=rev
Log:
Kill two bugs with one stone;

* Ensure that USER must preceed PASS
* Ensure that USER failing the FTPOptions RequireSSL test 
  won't permit a PASS to succeed.


Modified:
    httpd/mod_ftp/trunk/CHANGES-FTP
    httpd/mod_ftp/trunk/include/mod_ftp.h
    httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
    httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c

Modified: httpd/mod_ftp/trunk/CHANGES-FTP
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/CHANGES-FTP?rev=608680&r1=608679&r2=608680&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/CHANGES-FTP (original)
+++ httpd/mod_ftp/trunk/CHANGES-FTP Thu Jan  3 16:01:18 2008
@@ -1,4 +1,10 @@
-Changes in 0.9.0:  [post submission, prior to first release]
+Changes in 0.9.2:
+
+  *) Ensure that USER must preceed PASS, and that USER failing the
+     FTPOptions RequireSSL test won't permit a PASS to succeed.
+     [William Rowe]
+
+Changes post submission, and prior to first release
 
   *) Fix the REST command to accept large file sizes allowing
      restart of transfers larger than 2GB on largefile enabled systems.

Modified: httpd/mod_ftp/trunk/include/mod_ftp.h
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/include/mod_ftp.h?rev=608680&r1=608679&r2=608680&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/include/mod_ftp.h (original)
+++ httpd/mod_ftp/trunk/include/mod_ftp.h Thu Jan  3 16:01:18 2008
@@ -340,6 +340,7 @@
 
 #define FTP_DATA_BLOCK_SIZE  48000 /* Size in bytes to read at a time
                                       on the data channel */
+
 /* Wrappers for module_config
  *
  * mod_ftp.c
@@ -356,6 +357,10 @@
  * ftp_connection.c
  */
 int ftp_process_connection(conn_rec *c);
+
+/* Placeholder of "unknown" username (not valid for ftp_cmd_pass)
+ */
+extern const char ftp_unknown_username[];
 
 /* Routines for handling FTP requests 
  *

Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=608680&r1=608679&r2=608680&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Thu Jan  3 16:01:18 2008
@@ -1008,18 +1008,21 @@
 static int ftp_cmd_pass(request_rec *r, const char *arg)
 {
     ftp_connection *fc = ftp_get_module_config(r->request_config);
+    conn_rec *c = r->connection;
+    ftp_server_config *fsc = 
+        ftp_get_module_config(c->base_server->module_config);
     core_server_config *ftpcore = NULL;
     char *userdir = NULL;
     ftp_dir_config *dconf;
-    conn_rec *c = r->connection;
     request_rec *rr;
     char *userpass;
     server_rec *ftpserver;
     apr_status_t rv;
     char *tmppath;
 
-    ftp_server_config *fsc = 
-        ftp_get_module_config(c->base_server->module_config);
+    if (fc->user == ftp_unknown_username) {
+        return FTP_REPLY_BAD_SEQUENCE;
+    }
 
     /* Reset the possibly mauled ap_document_root and our cwd
      * with each attempt to finish logging in.
@@ -2704,6 +2707,7 @@
     fc->user = apr_pstrdup(fc->login_pool, arg);
 
     if ((fsc->options & FTP_OPT_REQUIRESSL) && !fc->is_secure) {
+        fc->user = ftp_unknown_username;
         fc->response_notes = apr_pstrdup(r->pool,
                                          "This server requires the use of "
                                          "SSL");

Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c?rev=608680&r1=608679&r2=608680&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c Thu Jan  3 16:01:18 2008
@@ -23,6 +23,10 @@
 #define FTP_BUILD
 #include "mod_ftp.h"
 
+/* Placeholder of "unknown" username (not valid for ftp_cmd_pass)
+ */
+const char ftp_unknown_username[] = "unknown";
+
 /*
  * initialize_ftp_connection: Used to initialize the ftp_connection structure
  *                            when accepting an incoming FTP connection.
@@ -38,7 +42,7 @@
      * the members that we need to.
      */
     fc->connection       = c;
-    fc->user             = "unknown";
+    fc->user             = ftp_unknown_username;
     fc->auth             = FTP_AUTH_NONE;
     fc->prot             = FTP_PROT_CLEAR;
     fc->type             = TYPE_A;



Mime
View raw message