incubator-mod_ftp-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r504452 - /incubator/mod_ftp/trunk/modules/ftp/ftp_commands.c
Date Wed, 07 Feb 2007 07:00:06 GMT
wrowe@apache.org wrote:
> Author: wrowe
> Date: Tue Feb  6 22:54:46 2007
> New Revision: 504452
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=504452
> Log:
> Move the socket creation AFTER the socket address resolution, so that
> we can leverage the created socket's family.  Allows us to create an
> IPv6 socket when appropriate in response to PASV (an unusual situation.)
> 
> Finally, offer an alternative if the socket is not an IPv4 or faux-IPv4
> socket, and respond to PASV with 127,555,555,555,p,p - an invalid port
> as suggested at http://cr.yp.to/ftp/retr.html - to allow some value to
> be returned other than the currently bogus (::1,p,p).
> 
> We have two other alternatives that would be somewhat legitimate in this
> impossible case, (,,,,p,p) or (0.0.0.0,p,p), but the later has a defined
> meaning and the prior might choke more clients than the suggested exception.
> 
> This is only triggered for a PASV command over an IPv6 socket, so it's a
> very obscure edge case in the first place.

FYI - this logic also is triggered if it's an entirely non-IP socket,
something I don't expect to happen, but... you never know.  Remember
that FTPPasvAddr and FTPPasvBindAddr can be used to trick things.

The only other edge case I see is permitting an IPv6 FTPPasvAddr (not
the reported address, the listen address).  FTPPasvBindAddr lets the
server present an 'apparent address' to the clients PASV response.

> @@ -1515,8 +1518,21 @@
>      else if (fsc->pasv_bindaddr) {
>          a = apr_pstrdup(c->pool, fsc->pasv_bindaddr);
>      }
> -    else {
> +    else if ((c->local_addr->family == AF_INET)
> +#if APR_HAVE_IPV6
> +          || (c->local_addr->family == AF_INET6
> +          && IN6_IS_ADDR_V4MAPPED((struct in6_addr *)c->local_addr->ipaddr_ptr))
> +#endif
> +             ) {
>          a = apr_pstrdup(c->pool, c->local_ip);
> +    }
> +    else {
> +        /* a bogus answer, which will not be translated below,
> +         * wherein clients can choose to connect back to the
> +         * original, same address.  Suggested as an early solution
> +         * at http://cr.yp.to/ftp/retr.html
> +         */
> +        a = "127,555,555,555";
>      }
>  
>      /* Translate x.x.x.x to x,x,x,x */
> 
> 
> 

Mime
View raw message