Ftpfs security hole particulary fixed
Andrew V. Samoilov
sav at it.efp.com.ua
Wed Feb 6 13:49:05 UTC 2002
Hi, Pavel!
> It would be better it you reported the problem with that server.
Gregory A Lundberg mailed me:
> All this is handled by the external bin/ls program; what you get is what the
> program does.
But I don't know ls option to produce this output.
> You
> could also test other FTP clients to see it they work with the broken
> server (try e.g. gftp and Far Manager).
Far Manager use "LIST" without Unix ls options and does not show dotfiles.
And if I use "LIST -la" instead "LIST -la ." all is ok.
I don't know, is this has not problem with other ftp servers, but it seems it's safe.
Regards,
Andrew.
I commited patch below:
ChangeLog:
* ftpfs.c (dir_load): Use "LIST -la" instead of "LIST -la ."
to eliminate problem with wu-ftpd.
Close sock on error. Eliminate goto.
Index: ftpfs.c
===================================================================
RCS file: /cvs/gnome/mc/vfs/ftpfs.c,v
retrieving revision 1.85
diff -u -p -u -p -r1.85 ftpfs.c
--- ftpfs.c 2002/02/01 12:21:55 1.85
+++ ftpfs.c 2002/02/06 12:08:01
@@ -1231,17 +1232,17 @@ again:
sock = open_data_connection (me, super, "LIST", 0, TYPE_ASCII, 0);
else if (cd_first)
/* Dirty hack to avoid autoprepending / to . */
- sock = open_data_connection (me, super, "LIST -la .", 0, TYPE_ASCII, 0);
+ /* Wu-ftpd produces strange output for '/' if 'LIST -la .' used */
+ sock = open_data_connection (me, super, "LIST -la", 0, TYPE_ASCII, 0);
else {
/* Trailing "/." is necessary if remote_path is a symlink
but don't generate "//." */
- char *path = g_strconcat (remote_path,
- (!*remote_path) ? "" : PATH_SEP_STR,
- ".",
- NULL);
+ char *path = (*remote_path) ? concat_dir_and_file (remote_path, ".")
+ : NULL;
sock = open_data_connection (me, super, "LIST -la", path, TYPE_ASCII, 0);
- g_free (path);
+ if (path)
+ g_free (path);
}
if (sock == -1)
@@ -1279,10 +1280,16 @@ again:
int res = vfs_s_get_line_interruptible (me, buffer, sizeof (buffer), sock);
if (!res)
break;
+
if (res == EINTR) {
me->verrno = ECONNRESET;
- goto error;
+ close (sock);
+ disable_interrupt_key();
+ get_reply(me, SUP.sock, NULL, 0);
+ print_vfs_message(_("ftpfs: failed"));
+ return -1;
}
+
if (logfile){
fputs (buffer, logfile);
fputs ("\n", logfile);
@@ -1328,12 +1335,6 @@ again:
}
#endif
return 0;
-
-error:
- disable_interrupt_key();
- get_reply(me, SUP.sock, NULL, 0);
- print_vfs_message(_("ftpfs: failed"));
- return -1;
fallback:
if (SUP.strict == RFC_AUTODETECT) {
More information about the mc-devel
mailing list