4.1.31 ftp proxy doesn't handle 123- commands
According to RFC 959 the following is valid:
123-First line
Second line
234 A line beginning with numbers
123 The last line

ip_ftp_pxy.c bails out and quits proxying when the first character is not a
digit. It should ignore all lines after 220- until it sees 220 . But if the
first character of a succeeding line after the 220- is not a space, then the
ip_ftp_pxy.c module bails.

Dec 4 09:59:19 H101490 kernel: IN: 18 seq 1d6d5373/0 ack 606a3eeb/0 len 78/130 off 52
Dec 4 09:59:19 H101490 kernel: sel 0 seqmin 0/0 offset 0/0
Dec 4 09:59:19 H101490 kernel: sel 0 ackmin 0/0 offset 0/0
Dec 4 09:59:19 H101490 kernel: rv 1 t:seq[0] 606a3eeb seq[1] 0 0/0
Dec 4 09:59:19 H101490 kernel: ippr_ftp_process:len 78/0 off 130 wptr c316fd0e junk 0 [purpose of tracking down intruders. In the course of monitoring individuals
Dec 4 09:59:19 H101490 kernel: ]
Dec 4 09:59:19 H101490 kernel: ippr_ftp_server_valid:bad:junk 0 len 78/77 c 0x70 buf [purpose of tracking down intruders. In the course of monitoring individuals
Dec 4 09:59:19 H101490 kernel: ]
Dec 4 09:59:19 H101490 kernel: ippr_ftp_valid=1 len 78 rv 1 ptr c316fcc0/c316fd0e buf [purpose of tracking down intruders. In the course of monitoring individuals
Dec 4 09:59:19 H101490 kernel: ]
Dec 4 09:59:19 H101490 kernel: ippr_ftp_process:cmds == 0 junk == 1

                /*
                 * Off to a bad start so lets just forget about using the
                 * ftp proxy for this connection.
                 */
                if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
                        /* f->ftps_seq[1] += inc; */

                        if (ippr_ftp_debug > 1)
                                printf("%s:cmds == 0 junk == 1\n",
                                       "ippr_ftp_process");
                        return APR_ERR(2);
                }


This works ok in 3.4.31 and looking at the 3.4.31 code I can't figure out why
it doesn't fail also.


Below is the complete data stream:
220-
********************************* WARNING *****************************
This system is for use by authorized users only.
***********************************************************************
All activities on this system are recorded and may be monitored for the
purpose of tracking down intruders. In the course of monitoring individuals
improperly using this system or during system maintenance, the activities of
authorized users may also be monitored.

Anyone using this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of criminal activity,
system personnel may provide the evidence of such monitoring to law
enforcement officials.

GXS, Inc. 100 Edison Park Drive, Gaithersburg, MD 20878
***********************************************************************
220 Proxy first requires authentication


The ip_ftp_pxy.c bails when it hits the following line:
purpose of tracking down intruders. In the course of monitoring individuals

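Added example, not part of the original report and not code from ip_ftp_pxy.c: a minimal line classifier for RFC 959 multi-line replies, showing the handling the report asks for (everything after "NNN-" is free text until a line starting with the same code and a space). The names reply_state, reply_feed and feed_all are hypothetical, and the sample lines are constructed from the RFC example and the banner quoted above.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum reply_status { REPLY_MORE, REPLY_DONE, REPLY_BAD };
/* Hypothetical per-connection state (not a structure from ip_ftp_pxy.c):
 * in_multiline is set by "NNN-" and cleared by the matching "NNN " line. */
struct reply_state { int in_multiline; char code[3]; };
static int has_code(const char *l, size_t len)
{
    return len >= 4 && isdigit((unsigned char)l[0]) &&
           isdigit((unsigned char)l[1]) && isdigit((unsigned char)l[2]);
}

/* Classify one server line (CRLF already stripped). */
enum reply_status reply_feed(struct reply_state *st, const char *l, size_t len)
{
    if (st->in_multiline) {
        /* Only "<same code><space>" ends the reply; all else is free text. */
        if (!has_code(l, len) || l[3] != ' ' || memcmp(l, st->code, 3) != 0)
            return REPLY_MORE;
        st->in_multiline = 0;
        return REPLY_DONE;
    }
    if (!has_code(l, len))
        return REPLY_BAD;   /* free text outside a multi-line reply */
    if (l[3] == '-') {
        memcpy(st->code, l, 3);
        st->in_multiline = 1;
        return REPLY_MORE;
    }
    return l[3] == ' ' ? REPLY_DONE : REPLY_BAD;
}
/* Feed lines in order; stop at the first REPLY_BAD, else return last status. */
enum reply_status feed_all(const char *const *lines, size_t n)
{
    struct reply_state st = {0};
    enum reply_status rs = REPLY_BAD;
    for (size_t i = 0; i < n; i++)
        if ((rs = reply_feed(&st, lines[i], strlen(lines[i]))) == REPLY_BAD)
            break;
    return rs;
}
/* Constructed input: RFC 959 example and an excerpt of the reported banner. */
const char *const rfc_sample[] = { "123-First line", "Second line",
    "234 A line beginning with numbers", "123 The last line" };
const char *const banner_sample[] = { "220-",
    "purpose of tracking down intruders. In the course of monitoring individuals",
    "220 Proxy first requires authentication" };
```

The banner line that trips the proxy is classified REPLY_MORE here because the state carries over from the "220-" line; the same line with no preceding "220-" is REPLY_BAD.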