[general-l] -ERR: received signal #13 {02}

Wed, 11 Dec 2002 10:24:15 +0100 

De : Miguel A. Argaqaraz2 . [mailto:[EMAIL PROTECTED]
> I think is a Bug, because I only get this error in only one case.
> 
> What I have different from each network/configuration is that 
> this special
> case has a Firewall-1 as a firewall. When he tries to connect
> I see "-ERR: received signal #13" in the log, and the 
> connection is refused.
> 
> I have tried the ftp.proxy with an public ip address in the 
> client host,
> and trought a linux doing masquerading, using an active ftp 
> session, and everything
> works flawlesly.
> 
> What else do you need in order me to help you?
> 
> Regards,
> Miguel.

So, I strongly agree with you: it's a bug.
In fact it's both a ftp.proxy and a firewall-1 bug.
Firewall-1 can't do statefull ftp firewalling with ftp queries or replies
that cross the ip packets bounds (for instance, if the ftp client says "STOR
" in a packet and "/tmp/foo.bar" in the next one), in that case Firewall-1
closes the connection in a way that send SIGPIPEs (#13) to ftp.proxy.
Ftp.proxy send some ftp queries and replies across ip packets bounds,
sending the while query but the final end of line sequence ("\r\n") in a
packet, and the eol sequence in the next packet.
As far as I know, this bug may not appear even with firewall-1, depending on
the operating system, of its ip options and of routers between the ftp.proxy
and the firewall-1 machines, since ip packets can be defragmented in a way
that fix the bug.

This patch should help you:

diff -Nur ../ftpproxy-1.1.5/src/ftp.c ./src/ftp.c
--- ../ftpproxy-1.1.5/src/ftp.c Mon Feb  4 18:11:21 2002
+++ ./src/ftp.c Tue Aug 21 10:21:00 2001
@@ -477,11 +477,20 @@
 
 int cfputs(ftp_t *x, char *line)
 {
+       char    *buf;
+       int     n;
+
        if (debug)
                fprintf (stderr, ">>> CLI: %s\n", line);
-               
-       write(1, line, strlen(line));
-       write(1, "\r\n", 2);
+
+       n = strlen(line);
+       buf = malloc(n+3);
+       strcpy(buf, line);
+       strcat(buf, "\r\n");
+       write(1, buf, n+2); /* call write() once only, because some
firewalls
+                              don't allow queries to continue accross
network
+                              packets */
+       free(buf);
 
        return (0);
 }


Please tell us if ftp.proxy still doesn't work properly with this patch.

--
Greg.

Reply via email to