#
1.75 |
|
28-Apr-2024 |
florian |
gmtime(3) / locatime(3) can fail when timestamps are way off.
Add missing error checks to all calls under libexec/
Input & OK millert
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.74 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.73 |
|
31-May-2021 |
jan |
Convert K&R function definitions to modern C.
OK naddy@, millert@
|
#
1.72 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.71 |
|
22-May-2021 |
jan |
Remove useless islower(2) before toupper(3).
OK martijn@
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.74 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.73 |
|
31-May-2021 |
jan |
Convert K&R function definitions to modern C.
OK naddy@, millert@
|
#
1.72 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.71 |
|
22-May-2021 |
jan |
Remove useless islower(2) before toupper(3).
OK martijn@
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.73 |
|
31-May-2021 |
jan |
Convert K&R function definitions to modern C.
OK naddy@, millert@
|
#
1.72 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.71 |
|
22-May-2021 |
jan |
Remove useless islower(2) before toupper(3).
OK martijn@
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.72 |
|
23-May-2021 |
jan |
Constify function parameters.
OK martijn@
|
#
1.71 |
|
22-May-2021 |
jan |
Remove useless islower(2) before toupper(3).
OK martijn@
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.71 |
|
22-May-2021 |
jan |
Remove useless islower(2) before toupper(3).
OK martijn@
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.70 |
|
20-May-2021 |
jan |
Removes the useless FILE* parameter of get_line(). While here fix minor whitespace mistake.
"looks fine to me" chris@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.69 |
|
04-Mar-2020 |
millert |
Avoid passing a NULL name to retrieve(), use "." instead. Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.68 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.67 |
|
08-May-2019 |
tedu |
rm dead code and simplify ftpd_popen. this code has only called its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.66 |
|
27-Apr-2017 |
mikeb |
Don't send multiple error messages in response to a single command
While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS."
From form@, with input from deraadt@ and OK millert@
|
#
1.65 |
|
17-Apr-2017 |
deraadt |
memset() of password field should be explicit_bzero(). [Not using freezero() in yacc files yet]
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.64 |
|
26-Aug-2016 |
tedu |
trim down some NBBY references. 8 bits ought to be enough for anyone.
|
#
1.63 |
|
14-Aug-2016 |
guenther |
Convert %q to %ll with long long casts for printf() Delete pointless casts to off_t, void*, and uid_t
ok krw@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.62 |
|
16-Nov-2015 |
tedu |
don't need to ifdef setproctitle
|
#
1.61 |
|
25-Oct-2015 |
tedu |
unifdef some oldness. (BSD not defined since removal of param.h) ok jca sthen
|
#
1.60 |
|
18-Aug-2015 |
deraadt |
calloc() is prototyped; do not cast result
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.59 |
|
17-Mar-2015 |
millert |
Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@
|
#
1.58 |
|
15-Mar-2015 |
millert |
tzfile.h is an internal header that should never have been installed. What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.57 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.56 |
|
08-Feb-2014 |
millert |
Fix REST (restart transfer) for offsets large than 2GB. OK okan@
|
#
1.55 |
|
27-Nov-2013 |
deraadt |
unsigned char for ctype ok okan kettenis
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.54 |
|
04-Mar-2012 |
fgsch |
In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.53 |
|
27-Oct-2009 |
deraadt |
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.52 |
|
13-Sep-2008 |
moritz |
Fix minor bug in the previous commit, which could hang the current session, when the last character of an overly long line was a newline character. Additionally reply with 500 "Command too long" for commands, which are too large.
Issue found and proposed fix by Luke Mewburn <lukem@NetBSD.org>.
ok millert@
|
#
1.51 |
|
12-Sep-2008 |
moritz |
Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server.
Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
ok millert@ martynas@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.50 |
|
30-Jun-2008 |
ragge |
Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99.
Ok krw@, millert@, gilles@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.49 |
|
21-Apr-2006 |
deraadt |
lint cleanup; ok ray moritz dhill
|
Revision tags: OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.48 |
|
11-Dec-2004 |
moritz |
make syscalls in the monitor restartable when signals occur, as was the case before privsep and only wait() for our slave processes. with help from millert@
ok millert@ henning@
|
#
1.47 |
|
06-Dec-2004 |
deraadt |
seperate reply_r, like earlier change but safer; moritz ok
|
#
1.46 |
|
04-Dec-2004 |
deraadt |
reply() used to play a lot with stdout, expecially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done.
|
#
1.45 |
|
03-Dec-2004 |
moritz |
make reply() reentrant. fixes a signal race. ok henning@
|
#
1.44 |
|
28-Nov-2004 |
henning |
privilege seperate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE
|
#
1.43 |
|
10-Dec-2003 |
deraadt |
spacing
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.42 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.41 |
|
02-Jul-2002 |
danh |
* use lostconn() as the SIGALRM handler in receive_data() as originally done by downsj@ in revision 1.54.
* some -Wall cleanup - only declare check_host() if TCPWRAPPERS is defined. - use socklen_t where appropriate instead of int (pointer signedness warnings). - {u_}char * pointer signedness warnings.
ok millert@
|
#
1.40 |
|
17-Jun-2002 |
danh |
Initialize SIGALRM handler once in main(), instead of in several different locations.
This fixes a problem where the SIGALRM handler was being set to an uninitialized pointer in receive_data(). Originally reported to the misc@ list by Colin Harford.
ok millert@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.39 |
|
19-Feb-2002 |
mpech |
Rewrite upper().
millert@ ok
|
#
1.38 |
|
16-Feb-2002 |
millert |
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
|
#
1.37 |
|
30-Jan-2002 |
mpech |
Fix leak in `EPSV ALL`. Since now ``ALL'' should be treated like CRLF, COMMA, etc.
millert@ ok
|
#
1.36 |
|
30-Jan-2002 |
mpech |
protect `RNTO` from NULL pointer.
millert@ ok
|
#
1.35 |
|
25-Jan-2002 |
mpech |
s is pointer. 0 -> NULL.
millert@ ok
|
#
1.34 |
|
25-Jan-2002 |
mpech |
Catch not valid chmod value earlier. This make sense, before we didn't handle some situations and pass value to chmod() instead of fatal. Idea stolen from `SITE UMASK` handler.
millert@ ok
|
#
1.33 |
|
23-Jan-2002 |
mpech |
lookup() returns pointer. Convert 0 -> NULL.
millert@ ok
|
#
1.32 |
|
23-Jan-2002 |
mpech |
``pathname'' can be NULL here too.
millert@ ok
|
#
1.31 |
|
17-Jan-2002 |
itojun |
reject SIZE request for ascii mode if file is larger than 10k.
|
#
1.30 |
|
08-Jan-2002 |
millert |
Close potential memory leak wrt "fromname"; inspired by similar FreeBSD changes.
|
#
1.29 |
|
08-Jan-2002 |
millert |
STRING is never NULL so there is no need to test it for NULL before freeing it.
|
#
1.28 |
|
28-Dec-2001 |
millert |
Fix memory leak with EPRT command; Hiroyuki YAMAMORI
|
#
1.27 |
|
07-Dec-2001 |
mpech |
kill more registers;
millert@ ok
|
#
1.26 |
|
04-Dec-2001 |
millert |
Kill setjmp/longjmp o fix error recovery in the parser so there is no longer a need for jmping o make SIGURG handler interupt syscalls and just set a flag that we test for later.
Use waitpid() not wait3() for portability. Restart waitpid() loop if another signal interrupts us.
Calling dologout() from signal handlers is safe because it doesn't use stdio, nor do the two functions it calls (logout and ftpdlogwtmp).
|
#
1.25 |
|
05-Nov-2001 |
deraadt |
more signal marks, and some syslog_r in handlers
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.24 |
|
14-Nov-2000 |
itojun |
cleanup EPSV/EPRT error handling. avoid possible memory leak (getaddrinfo). correct error code on unsupported protocol parameter against EPRT (522).
|
#
1.23 |
|
13-Nov-2000 |
itojun |
combine check_epsvall + check_login into check_login_epsvall. we cnanot split check_login and check_epsvall. if we do that, we end up generating two results against single comand.
|
#
1.22 |
|
13-Nov-2000 |
itojun |
make sure to check_login on EPSV/LPSV. move epvsall check into check_epsvall.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.21 |
|
17-Jun-2000 |
deraadt |
pr 772; -u blocks chmod command, michaels@inet.no
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.20 |
|
29-Apr-2000 |
deraadt |
indent
|
#
1.19 |
|
15-Jan-2000 |
ericj |
(char *)0 -> NULL cleanup. From NetBSD
|
#
1.18 |
|
08-Dec-1999 |
itojun |
IPv6 support from KAME. XXX kerberos and tcp_wrapper needs checking
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.17 |
|
08-Oct-1999 |
deraadt |
correct; dholland@hcs.harvard.edu, root@zen.ics.uwe.ac.uk
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.16 |
|
22-May-1998 |
deraadt |
use TM_YEAR_BASE; lukem
|
Revision tags: OPENBSD_2_3_BASE
|
#
1.15 |
|
03-Feb-1998 |
downsj |
Work around a glob() and Netscape problem; the local glob() hacker may want to read the commentary if he wants another project.
|
#
1.14 |
|
18-Dec-1997 |
deraadt |
Be so specific about the exact details of a PORT command error, that we strike fear into the hearts of attackers (naw, I bet not...)
|
#
1.13 |
|
18-Dec-1997 |
deraadt |
bitch if attacker tries to make PORT values overflow each other (they cannot anyways, but let him know we are onto him)
|
#
1.12 |
|
12-Dec-1997 |
deraadt |
default to violating the RFC wrt the PORT command. Use -P to conform to the RFC and possibly open up non-OpenBSD boxes in a trust relationship on your network to possible ftp bounce attacks...
|
Revision tags: OPENBSD_2_2_BASE
|
#
1.11 |
|
23-Jul-1997 |
kstailey |
tabify
|
#
1.10 |
|
22-Jul-1997 |
deraadt |
setproctitle less
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.9 |
|
02-Jan-1997 |
bitblt |
Fix for the shift-reduce conflict, contributed by dholland@hcs.harvard.edu, who is porting the OpenBSD ftpd to (of all things) Linux.
|
#
1.8 |
|
07-Dec-1996 |
bitblt |
ftpd now eventually times out if a ftp client does: pasv list and then crashes. The timeout should only apply the the accept(), so that transfers can take as long as necessary to complete. Thanks to Theo for moving toolong() to extern.h so that it can be used in ftpd.c as well as in ftpcmd.y.
|
#
1.7 |
|
16-Oct-1996 |
bitblt |
Fixed a memory leak associated with the HELP and SITE HELP commands.
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.6 |
|
19-Sep-1996 |
bitblt |
reduced the number of command availibe to users who are not logged in, fixed a memory leak in RNFR
|
#
1.5 |
|
04-Sep-1996 |
deraadt |
clear passwd, for safety
|
#
1.4 |
|
22-Aug-1996 |
deraadt |
de-gibble ftpd for w
|
#
1.3 |
|
07-Aug-1996 |
downsj |
strcpy -> strncpy, kill off a strdup() clone.
|
#
1.2 |
|
23-Apr-1996 |
deraadt |
sync with netbsd 960418
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|