| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.
Reviewed by: imp
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch
code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The support for RFC 2640 (UTF8) is optional and rudimentary.
The server just advertises its capability to handle UTF-8 file
names and relies on its own 8-bit cleanness, as well as on
the backward compatibility of UTF-8 with ASCII. So uploaded
files will have UTF-8 names, but the initial server contents
should be prepared in UTF-8 by hand, no on-the-fly conversion
of file names will be done.
PR: bin/111714
Submitted by: Zhang Weiwu <see email in the PR>
MFC after: 1 week
|
|
|
|
|
|
|
| |
Respect MK_INET6_SUPPORT in Makefile.
Requested by: Attila Nagy <bra at fsn dot hu>
MFC after: 1 week
|
| |
|
|
|
|
|
| |
in server messages wherever this doesn't contradict to a particular
message format.
|
| |
|
|
|
|
| |
Noticed by: Nick Leuta <skynick -at- mail.sc.ru> (some of them)
|
|
|
|
| |
They're unneeded and sometimes erroneous now.
|
|
|
|
|
|
|
| |
(and it appears possible throughout ftpd(8) source.)
It is not a mere issue of style: Null pointers in C
seem to have been mistaken one way or another quite often.
|
|
|
|
|
|
| |
Thank Fortune, the C compiler can figure out by itself the proper
conversion for assignments, comparisons, and prototyped function
arguments.
|
|
|
|
| |
we've got <stdint.h> et al now. (This makes ftpd(8) WARNS=2 clean.)
|
|
|
|
| |
(Heading to WARNS=2.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rationale:
SIGURG is configured by ftpd to interrupt system calls, which is useful
during data transfers. However, SIGURG could interrupt I/O on the
control channel as well, which was mistaken for the end of the session.
A practical example could be aborting the download of a tiny file,
when the abort sequence reached ftpd after ftpd had passed the file
data to the system and returned to its command loop.
Reported by: ceri
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
- always check the return value from getc(3) for EOF;
- if the attempt to read the TELNET command byte has
returned EOF, exit from the loop instead of using
the EOF value as a normal character.
MFC after: 1 week
|
|
|
|
| |
leave alone specifying a wrong type for one of them.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
don't reveal the info in reply to the SYST command.
Get rid of using the "unix" macro at the same time. It was a rather
poor way to check if the system was Unix since there were quite a
few Unix clones out there whose cc didn't define "unix" (e.g.,
NetBSD.) It was also sensitive to the C standard used, which caused
unnecessary trouble: With -std=c99, it should have been "__unix__",
and so on.
PR: bin/50690
Submitted by: Alex Semenyaka <alexs _at_ snark.ratmir.ru>
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.
This involves a bit of code reorganization. Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one. Thus behaviour mimicing
that of the Bourne shell has been achieved.
|
|
|
|
|
|
|
|
| |
host-specific information in FTP server messages (so paranoid
admins can sleep at night :-)
PR: bin/16705
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
separating its part around chroot(2) from that around initial
chdir(2). This makes the below changes really easy.
Move seteuid(to user's uid) to before calling chdir(2). There are
two goals to achieve by that. First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.) Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0. This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.
Implement the "/./" feature. Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.
PR: bin/17843 bin/23944
|
| |
|
|
|
|
|
|
|
|
| |
to a pathname that contains '\r' or '\n'.
Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
|
|
|
|
|
| |
with the _PATH_LS macro to be consistent
with the rest of the ftpd(8) source.
|
| |
|
|
|
|
|
| |
Submitted by: maxim
MFC after: 5 days
|
|
|
|
|
|
|
|
| |
o PORT takes six byte values, not five.
o TYPE argument is mandatory.
Submitted by: demon (the 1st part)
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
2) Remove unneeded "if not NULL" props from "pathstring",
which will never be NULL by the lexer design.
Inspired by: OpenBSD
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
glob(3) will return at least one pathname unless
a system error has occured. It's not a "not found"
error otherwise.
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
for NULL. The "pathname" rule may return NULL
on a glob(3) error.
Obtained from: OpenBSD
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
Earlier, a decimal number (e.g., 890) could be passed
for mode, leading to dangerous permissions set:
-1, that is, 07777.
Obtained from: OpenBSD
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
This eliminates an opportunity for DoS attack.
Pointed out by: maxim
Inspired by: lukemftpd, OpenBSD
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
non-portable constants (in this case, hidden as offsets
to the "?AEIL" string.)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
returns off_t in yylval.u.o. REST is the only user of yylval.u.o at the
moment.
NB: seems lukemftpd has the same bug.
PR: misc/28629
Reviewed by: ru
Approved by: ru
MFC after: 1 month
|
|
|
|
|
|
|
|
| |
No functional changes from rev. 1.31.
Reviewed by: ru
Approved by: ru
MFC after: 1 week
|
|
|
|
|
|
| |
o Use new-style function definitions
o remove some !__STDC__ code
o eliminate register
|
|
|
|
|
|
|
|
|
|
|
|
| |
handlers to set flags only (with exception for sigquit(),
which still seems to call some non-reentrant functions on
its way to _exit(2).) That must eliminate the possibility
of catching SIGSEGV from following non-reentrant paths from
signal handlers.
PR: bin/32740 bin/33846
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
Obtained from: OpenBSD
|
|
|
|
|
|
|
|
| |
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.
PR: 33268
Reviewed by: iedowse, sheldonh
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-O, which limits the impact of the write-only restriction to guest
users.
*) The existing manual page's SYNOPSIS and option listing in the
DESCRIPTION are already horribly disordered. No attempt has been
made to fix this.
*) The existing source's getopt() optstring and option handling switch
are already horribly disordered. No attempt has been made to fix
this.
Discussed with: nik, -audit
|
|
|
|
|
|
|
|
|
| |
preventing anyone from downloading files. In conjunction with -A, and some
appropriate file permissions, this lets you create an anonymous FTP drop
box for people to upload files to.
The more obvious "-w" flag is already taken by NetBSD's ftpd. "-o" was
available as an option letter in all three BSDs.
|
|
|
|
|
| |
in conflict with library values of the same name. This allows static
linking.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.
Always glob, instead of when the first character is a ~. For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitarily work as it used the first
expansion (ie: x1) without an error. Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.
For LIST, just use the user supplied string as the popen does the glob.
Problem noticed by: Ajay Mittal <amittal@iprg.nokia.com>
|
|
|
|
| |
using tilde expansion.
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows you to determine if the file on the other side is the same
as the one you have without transferring the entire file to compare.
Needless to say, if the server end lies to you this check doesn't work,
but on the other hand, if it lies to you about the files checksum,
what can you trust from it ?
|
| |
|