OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   11-Sep-2005 13:17:46
  Branch: HEAD                             Handle: 2005091112174600

  Added files:
    openpkg-src/proftpd     proftpd.patch
  Modified files:
    openpkg-src/proftpd     proftpd.spec

  Log:
    After a few hours of debugging ProFTPd I was finally able to find the
    reason why ProFTPd in its latest version(s) has a broken FTP protocol
    handling if "DisplayReadme README*" is active and a top-level README file
    exists (as is usually the case on most of my FTP services).
    See the long description in the patch file for details.

  Summary:
    Revision    Changes     Path
    1.9         +79 -0      openpkg-src/proftpd/proftpd.patch
    1.96        +3  -1      openpkg-src/proftpd/proftpd.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/proftpd/proftpd.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.9 proftpd.patch
  --- /dev/null 2005-09-11 13:17:15 +0200
  +++ proftpd.patch     2005-09-11 13:17:46 +0200
  @@ -0,0 +1,79 @@
  +If "DisplayReadme README*" (mod_readme) is configured and a top-level
  +README file exists, mod_readme's "Please read the file README[...]"
  +response lines breaks the FTP protocol already at login time just after
  +the "PASS" request:
  +
  +---> PASS anonymous@
  +<--- (null)-Please read the file README
  +<--- (null)-   it was last modified on Sat Sep 10 20:45:37 2005 - 1 day ago
  +<--- (null) Anonymous access granted, restrictions apply.
  +
  +The "(null)" comes from passing a NULL pointer to the format string "%s"
  +on FreeBSD -- on other platforms it could even lead to a segmentation
  +fault.
  +
  +The reason for the broken response codes is that the mod_readme response
  +is added to the top of the the internal response list "resp_list" with
  +the response code R_DUP (= NULL) in mod_readme's POST_CMD for "PASS",
  +*before* mod_auth's POST_CMD for "PASS" later adds its "Anonymous access
  +granted, restrictions apply" with a code of "230". But R_DUP only works
  +if it is *following* a previous (non R_DUP/NULL) response.
  +
  +As a possible workaround we make sure that if a numeric (non R_DUP/NULL)
  +response is added to "resp_list" and the first already existing response
  +is R_DUP/NULL, insert the new response before and not after the existing
  +R_DUP response. After this workaround the protocol handling is fixed,
  +although the order of the response messages is slightly different:
  +
  +---> PASS anonymous@
  +<--- 230-Anonymous access granted, restrictions apply.
  +<--- 230-Please read the file README
  +<--- 230    it was last modified on Sat Sep 10 20:45:37 2005 - 1 day ago
  +
  +Alternative solutions we investigated in were:
  +
  +First, mod_readme's "POST_CMD" handler could have been dispatched
  +*after* mod_auth's "POST_CMD" handler. This doesn't work because
  +mod_auth finally HANDLES the command and does not DECLINE it.
  +
  +Second, mod_readme could use R_230 instead of R_DUP. But currently
  +mod_readme uses a generic callback for all commands including "CWD",
  +etc. And R_230 is intended after "PASS" and not "CWD".
  +
  +Finally, as inside ProFTPd the R_DUP is used also at other possibilities
  +(where it also could break), we decided to fix the handling directly in
  +the response list management routines.
  +
  +                                        --rse 20050911
  +
  +Index: src/response.c
  +--- src/response.c.orig      2005-07-05 17:42:01 +0200
  ++++ src/response.c   2005-09-11 12:12:58 +0200
  +@@ -124,8 +124,11 @@
  +   resp->num = (numeric ? pstrdup(resp_pool, numeric) : NULL);
  +   resp->msg = pstrdup(resp_pool, resp_buf);
  +   
  +-  for (head = &resp_err_list; *head && (!numeric || !(*head)->num ||
  +-    strcmp((*head)->num, numeric) <= 0); head = &(*head)->next);
  ++  for (head = &resp_err_list;
  ++       *head
  ++       && (!numeric || !(*head)->num || strcmp((*head)->num, numeric) <= 0)
  ++       && !(numeric && !(*head)->num && head == &resp_list);
  ++       head = &(*head)->next);
  + 
  +   resp->next = *head;
  +   *head = resp;
  +@@ -145,8 +148,11 @@
  +   resp->num = (numeric ? pstrdup(resp_pool, numeric) : NULL);
  +   resp->msg = pstrdup(resp_pool, resp_buf);
  +   
  +-  for (head = &resp_list; *head && (!numeric || !(*head)->num ||
  +-    strcmp((*head)->num, numeric) <= 0); head = &(*head)->next);
  ++  for (head = &resp_list;
  ++       *head
  ++       && (!numeric || !(*head)->num || strcmp((*head)->num, numeric) <= 0)
  ++       && !(numeric && !(*head)->num && head == &resp_list);
  ++       head = &(*head)->next);
  + 
  +   resp->next = *head;
  +   *head = resp;
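Review bot: In the first inner hunk of src/response.c, the loop that walks `resp_err_list` gets a guard testing `head == &resp_list`, which looks copied from the second loop; since `head` there starts at `&resp_err_list` and afterwards only holds addresses of `next` fields, that comparison appears never to be true, so the R_DUP-first workaround would not take effect for the error list. If the error list is meant to get the same treatment, the line should read `&& !(numeric && !(*head)->num && head == &resp_err_list);`. Separately, the description attributes the "(null)" output to a NULL response code reaching a "%s" format, which it notes could crash on other platforms; the patch only reorders the list, so a list holding nothing but R_DUP entries would presumably still reach that format, and a NULL check where the code is printed (not visible here) would be worth adding. Both loops sit in functions whose start and end are outside the inner hunks.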
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/proftpd/proftpd.spec
  ============================================================================
  $ cvs diff -u -r1.95 -r1.96 proftpd.spec
  --- openpkg-src/proftpd/proftpd.spec  25 Jul 2005 06:25:45 -0000      1.95
  +++ openpkg-src/proftpd/proftpd.spec  11 Sep 2005 11:17:46 -0000      1.96
  @@ -33,7 +33,7 @@
   Group:        FTP
   License:      GPL
   Version:      1.3.0rc2
  -Release:      20050725
  +Release:      20050911
   
   #   package options
   %option       with_ifsession  no
  @@ -53,6 +53,7 @@
   Source2:      proftpd.msg.goaway
   Source3:      proftpd.msg.login
   Source4:      rc.proftpd
  +Patch0:       proftpd.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -106,6 +107,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       %{l_shtool} subst \
           -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
           configure
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
