[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GSSFTP client doesn't follow RFC.

I noticed this while hacking GSS support into an FTP server: the FTP
client that comes with heimdal doesn't correctly honor continuation
from the server.  Here's the data displayed by the client:
S:    NetBSD 1.5Y (RHODES) #0: Sat Oct  6 07:48:20 EDT 2001
ftp: Login failed.

I verified that the server wrote the following data:
631-base64(gss_wrap(    NetBSD 1.5Y...))
(something ignored by the client).

See lines 748-764 in rfc2228.txt to verify that this is RFC-compliant.
The problem, in the client, is in the getreply() code...  It checks
if the data is complete by seeing if (buf[3] == ' ').  According to
rfc959 (and the above example in rfc2228), that's not adequate for
determining command completion.  What you need to do is check that
the line begins with three digits and a space before assuming it's
the last line in the reply.  The following patch addresses this...

--- ftp.c	Sat Nov 24 22:16:36 2001
+++ ftp.c       Tue Sep 25 06:17:11 2001
@@ -32,6 +32,7 @@
 #include "ftp_locl.h"
+#include <ctype.h>
 RCSID ("$Id: ftp.c,v 1.2 2001/09/24 13:22:26 wiz Exp $");
 struct sockaddr_storage hisctladdr_ss;
@@ -368,7 +369,7 @@
                    lead_string = "";
                if (verbose > 0 || (verbose > -1 && code > 499))
                    fprintf (stdout, "%s%s\n", lead_string, buf);
-               if (buf[3] == ' ') {
+               if (isdigit(buf[0]) && isdigit(buf[1]) && isdigit(buf[2]) && buf[3] == ' ') {
                    strcpy (reply_string, buf);
                    if (code >= 200)
                        cpend = 0;

I'll also point out that you don't seem to be handling the case
where the server wraps multiple lines from the response into one
63[123] reply, but the patch for that is not so easy, so I'll
leave that one alone.