mina-ftpserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sai Pullabhotla <sai.pullabho...@jmethods.com>
Subject Re: FTPServer 1.0.4: suspect race condition during requestPassivePort() hanging FTP(S) server with one passive data connection port
Date Thu, 25 Mar 2010 13:42:07 GMT
If we reject simultaneous data connections from a given source IP,
What would be the implications when connections are in fact from two
different clients, but they all go through the same router (in a
typical work/home network)? The FTP server would see the public IP of
the router, isn't it?

Regards,
Sai Pullabhotla





On Thu, Mar 25, 2010 at 8:37 AM, Niklas Gustavsson <niklas@protocol7.com> wrote:
> On Thu, Mar 25, 2010 at 2:30 PM, Sai Pullabhotla
> <sai.pullabhotla@jmethods.com> wrote:
>> I've not looked at the patch that supports concurrent data connections
>> on a single passive port, but I've some serious doubts as to if it is
>> even  legitimate to have such support and if we can gracefully handle
>> such scenario.
>
> I think most FTP servers support concurrent use of the same port.
>
>> Here is an example scenario -
>>
>> 1. Client A has more than one session (for this example let us say
>> two) open with the FTP server.
>> 2. Session 1 issues PASV command.
>> 3. Server replies back asking to connect on port 2000.
>> 4. About the same time, Session 2 issues PASV command
>> 5. Server replies back asking to connect on port 2000.
>> 6. Both session 1 and session 2 connect to port 2000 almost at the same time.
>> 7. How do we distinguish which data connection belongs to which
>> control session?
>>
>> Would we possibly be sending/receiving incorrect data on session 1/2?
>
> Step 5 must not be allowed. That is, we should not have two waiting
> passive ports from the same IP. In this case (if only port 2000 is
> used for passive ports), step 5 should be returning a 4XX reply.
>
> Would that work?
>
> All considered, adding support for this will require quite some work
> when it comes to testing.
>
> /niklas
>

Mime
View raw message