Subject: svn commit: r608680 - in /httpd/mod_ftp/trunk: CHANGES-FTP include/mod_ftp.h modules/ftp/ftp_commands.c modules/ftp/ftp_connection.c
Date: Fri, 04 Jan 2008 00:01:20 -0000
To: cvs@httpd.apache.org
Reply-To: dev@httpd.apache.org
From: wrowe@apache.org

Author: wrowe
Date: Thu Jan 3 16:01:18 2008
New Revision: 608680

URL: http://svn.apache.org/viewvc?rev=608680&view=rev
Log:
Kill two bugs with one stone;

* Ensure that USER must precede PASS

* Ensure that USER failing the FTPOptions RequireSSL test
  won't permit a PASS to succeed.

Modified:
    httpd/mod_ftp/trunk/CHANGES-FTP
    httpd/mod_ftp/trunk/include/mod_ftp.h
    httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
    httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c

Modified: httpd/mod_ftp/trunk/CHANGES-FTP URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/CHANGES-FTP?rev=608680&r1=608679&r2=608680&view=diff ============================================================================== --- httpd/mod_ftp/trunk/CHANGES-FTP (original) +++ httpd/mod_ftp/trunk/CHANGES-FTP Thu Jan 3 16:01:18 2008 @@ -1,4 +1,10 @@ -Changes in 0.9.0: [post submission, prior to first release] +Changes in 0.9.2: + + *) Ensure that USER must preceed PASS, and that USER failing the + FTPOptions RequireSSL test won't permit a PASS to succeed. + [William Rowe] + +Changes post submission, and prior to first release *) Fix the REST command to accept large file sizes allowing restart of transfers larger than 2GB on largefile enabled systems. Modified: httpd/mod_ftp/trunk/include/mod_ftp.h URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/include/mod_ftp.h?rev=608680&r1=608679&r2=608680&view=diff ============================================================================== --- httpd/mod_ftp/trunk/include/mod_ftp.h (original) +++ httpd/mod_ftp/trunk/include/mod_ftp.h Thu Jan 3 16:01:18 2008 @@ -340,6 +340,7 @@ #define FTP_DATA_BLOCK_SIZE 48000 /* Size in bytes to read at a time on the data channel */ + /* Wrappers for module_config * * mod_ftp.c 
@@ -356,6 +357,10 @@ * ftp_connection.c */ int ftp_process_connection(conn_rec *c); + +/* Placeholder of "unknown" username (not valid for ftp_cmd_pass) + */ +extern const char ftp_unknown_username[]; /* Routines for handling FTP requests * Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=608680&r1=608679&r2=608680&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Thu Jan 3 16:01:18 2008 @@ -1008,18 +1008,21 @@ static int ftp_cmd_pass(request_rec *r, const char *arg) { ftp_connection *fc = ftp_get_module_config(r->request_config); + conn_rec *c = r->connection; + ftp_server_config *fsc = + ftp_get_module_config(c->base_server->module_config); core_server_config *ftpcore = NULL; char *userdir = NULL; ftp_dir_config *dconf; - conn_rec *c = r->connection; request_rec *rr; char *userpass; server_rec *ftpserver; apr_status_t rv; char *tmppath; - ftp_server_config *fsc = - ftp_get_module_config(c->base_server->module_config); + if (fc->user == ftp_unknown_username) { + return FTP_REPLY_BAD_SEQUENCE; + } /* Reset the possibly mauled ap_document_root and our cwd * with each attempt to finish logging in. 
@@ -2704,6 +2707,7 @@ fc->user = apr_pstrdup(fc->login_pool, arg); if ((fsc->options & FTP_OPT_REQUIRESSL) && !fc->is_secure) { + fc->user = ftp_unknown_username; fc->response_notes = apr_pstrdup(r->pool, "This server requires the use of " "SSL"); Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c?rev=608680&r1=608679&r2=608680&view=diff ============================================================================== --- httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c (original) +++ httpd/mod_ftp/trunk/modules/ftp/ftp_connection.c Thu Jan 3 16:01:18 2008 @@ -23,6 +23,10 @@ #define FTP_BUILD #include "mod_ftp.h" +/* Placeholder of "unknown" username (not valid for ftp_cmd_pass) + */ +const char ftp_unknown_username[] = "unknown"; + /* * initialize_ftp_connection: Used to initialize the ftp_connection structure * when accepting an incoming FTP connection. @@ -38,7 +42,7 @@ * the members that we need to. */ fc->connection = c; - fc->user = "unknown"; + fc->user = ftp_unknown_username; fc->auth = FTP_AUTH_NONE; fc->prot = FTP_PROT_CLEAR; fc->type = TYPE_A;
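
Review bot: In the CHANGES-FTP hunk, the new 0.9.2 entry spells "preceed" where "precede" is meant. The same hunk rewrites the older heading "Changes in 0.9.0: [post submission, prior to first release]" to "Changes post submission, and prior to first release", which drops the 0.9.0 label from the entries below it; keep the version number in that heading unless removing it is intended.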
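
Review bot: The comment added above the ftp_unknown_username declaration in mod_ftp.h (and repeated above its definition in ftp_connection.c) does not say that the placeholder is recognised by address rather than by content. ftp_cmd_pass tests "fc->user == ftp_unknown_username", while a client-supplied name is stored with apr_pstrdup, so a login that happens to be the text "unknown" is a different pointer and does not match. State that in the comment, so that nobody later replaces the comparison with a string compare or assigns the literal "unknown" to fc->user again.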
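
Review bot: The guard added at the top of ftp_cmd_pass rejects PASS only while fc->user still points at the placeholder, and in this patch the placeholder is assigned in just two places: the initialisation in ftp_connection.c and the RequireSSL failure at @@ -2704. Any other path that should invalidate a pending USER, such as a different rejection in the USER handling or a PASS that has already been attempted, needs the same reset, otherwise a later PASS is still evaluated against the earlier name. Separately, moving the declarations of c and fsc to the top of ftp_cmd_pass is reordering that the new check does not depend on; it would be easier to review as its own change.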
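
Review bot: In the ftp_commands.c hunk at @@ -2704,6 +2707,7 @@, fc->user is first set to apr_pstrdup(fc->login_pool, arg) and only afterwards overwritten with ftp_unknown_username when the RequireSSL test fails, so every rejected USER on a cleartext connection still allocates a copy of the client-supplied name in fc->login_pool. Run the "(fsc->options & FTP_OPT_REQUIRESSL) && !fc->is_secure" test before the apr_pstrdup, so that the name is stored only once the command has been accepted.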