www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Ohnemus <r...@ecompcon.com>
Subject mod_proxy/505: proxy ftp does not work with anonftpd server by D. J. Bernstein
Date Tue, 29 Apr 1997 15:30:01 GMT

>Number:         505
>Category:       mod_proxy
>Synopsis:       proxy ftp does not work with anonftpd server by D. J. Bernstein
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Apr 29 08:30:01 1997
>Originator:     rick@ecompcon.com
>Organization:
apache
>Release:        apache_1.2b10
>Environment:
any
>Description:
proxy ftp hangs while attempting to connect to a system running the anonftpd
server written by D. J. Bernstein. The problem is that proxy_ftp.c is not RFC
1123 compliant. anonftpd responds to the PASV command with
'227 =128,248,178,247,142,64'. proxy_ftp.c is expecting a response containing
parentheses (e.g. '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).' This causes
the server to be in passive mode but the ftp proxy assumes the PASV command
failed because the parentheses are not found.

>From RFC 1123, section 4.1.2.6 (page 31):

                 The format of the 227 reply to a PASV command is not
                 well standardized.  In particular, an FTP client cannot
                 assume that the parentheses shown on page 40 of RFC-959
                 will be present (and in fact, Figure 3 on page 43 omits
                 them).  Therefore, a User-FTP program that interprets
                 the PASV reply must scan the reply for the first digit
                 of the host and port numbers.
>How-To-Repeat:
Connect to ftp://koobera.math.uic.edu/www/qmail.html through the apache ftp
proxy
>Fix:
The patch below fixes the problem with anonftpd servers. It is not a general
fix. The correct fix is to scan for the six comma separated numbers in the 227
response.

--- proxy_ftp.c.DIST    Tue Apr 29 10:07:26 1997
+++ proxy_ftp.c Tue Apr 29 09:46:18 1997
@@ -694,9 +694,14 @@
        if (pstr != NULL)
        {
            presult = atoi(pstr);
-           pstr = strtok(NULL, "(");   /* separate address & port params */
-           if (pstr != NULL)
-               pstr = strtok(NULL, ")");
+           if (*(pstr + strlen(pstr) + 1) == '=')
+               pstr += strlen(pstr) + 2;
+           else
+           {
+               pstr = strtok(NULL, "(");  /* separate address & port params */
+               if (pstr != NULL)
+                   pstr = strtok(NULL, ")");
+           }
        }
        else
            presult = atoi(pasv);
%0
>Audit-Trail:
>Unformatted:



Mime
View raw message