Ftpfs security hole particulary fixed

Andrew V. Samoilov sav at it.efp.com.ua
Wed Feb 6 13:49:05 UTC 2002


Hi, Pavel!

> It would be better it you reported the problem with that server.

Gregory A Lundberg mailed me:

> All this is handled by the external bin/ls program; what you get is what the
> program does.

But I don't know ls option to produce this output.

>  You
> could also test other FTP clients to see it they work with the broken
> server (try e.g. gftp and Far Manager).

Far Manager use "LIST" without Unix ls options and does not show dotfiles.

And if I use "LIST -la" instead "LIST -la ." all is ok.
I don't know, is this has not problem with other ftp servers, but it seems it's safe.

Regards,
Andrew.

I commited patch below:
ChangeLog:
 * ftpfs.c (dir_load): Use "LIST -la" instead of "LIST -la ."
 to eliminate problem with wu-ftpd.
 Close sock on error. Eliminate goto.

Index: ftpfs.c
===================================================================
RCS file: /cvs/gnome/mc/vfs/ftpfs.c,v
retrieving revision 1.85
diff -u -p -u -p -r1.85 ftpfs.c
--- ftpfs.c 2002/02/01 12:21:55 1.85
+++ ftpfs.c 2002/02/06 12:08:01
@@ -1231,17 +1232,17 @@ again:
         sock = open_data_connection (me, super, "LIST", 0, TYPE_ASCII, 0);
     else if (cd_first)
  /* Dirty hack to avoid autoprepending / to . */
-        sock = open_data_connection (me, super, "LIST -la .", 0, TYPE_ASCII, 0);
+ /* Wu-ftpd produces strange output for '/' if 'LIST -la .' used */
+        sock = open_data_connection (me, super, "LIST -la", 0, TYPE_ASCII, 0);
     else {
  /* Trailing "/." is necessary if remote_path is a symlink
            but don't generate "//." */
- char *path = g_strconcat (remote_path, 
-      (!*remote_path) ? "" : PATH_SEP_STR,
-      ".", 
-      NULL);
+ char *path = (*remote_path) ? concat_dir_and_file (remote_path, ".")
+        : NULL;
 
         sock = open_data_connection (me, super, "LIST -la", path, TYPE_ASCII, 0);
- g_free (path);
+ if (path)
+     g_free (path);
     }
 
     if (sock == -1)
@@ -1279,10 +1280,16 @@ again:
  int res = vfs_s_get_line_interruptible (me, buffer, sizeof (buffer), sock);
  if (!res)
      break;
+
  if (res == EINTR) {
      me->verrno = ECONNRESET;
-     goto error;
+     close (sock);
+     disable_interrupt_key();
+     get_reply(me, SUP.sock, NULL, 0);
+     print_vfs_message(_("ftpfs: failed"));
+     return -1;
  }
+
  if (logfile){
      fputs (buffer, logfile);
             fputs ("\n", logfile);
@@ -1328,12 +1335,6 @@ again:
     }
 #endif
     return 0;
-
-error:
-    disable_interrupt_key();
-    get_reply(me, SUP.sock, NULL, 0);
-    print_vfs_message(_("ftpfs: failed"));
-    return -1;
 
 fallback:
     if (SUP.strict == RFC_AUTODETECT) {





More information about the mc-devel mailing list