Hi Abhilash,

  We'll discuss this offline.

~Kini

On Wed, 30 Jan 2008 11:06 -0000, Abhilash wrote:

}
}Sir,
}
} Me Abhilash T.G (oso183)and arjun (oso211)has fixed a bug 6374978. The 
}diff file os attached. Just see it. Pls do reply if correct. you were 
}sponsoring us.
}
}
}Bug ID  6374978  
}Synopsis  ftpd doesn't like passwords that start with a minus.  
}State  1-Dispatched (Default State)  
}Category:Subcategory  network:ftp_server  
}Keywords  ftp | onnv_triage  
}Reported Against  2.9 , 5.10  
}Duplicate Of   
}Introduced In   
}Commit to Fix   
}Fixed In   
}Release Fixed   
}Related Bugs   
}Submit Date  20-JAN-2006  
}Last Update Date  12-OCT-2006  
}Description  ftpd can't handle passwords that start with a -.
}
}If you check 
http://cvs.opensolaris.org/source/xref/on/usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpd.c#2685
}
}you can see:
}
}   2685        if (*passwd == '-')
}   2686            passwd++;
}
}Thus the rest of the password is later compared with the real one and fails.
}
}There's nothing wrong with a password of "-password", and it works fine for 
any other login type.  So this is a bug.
}Turns out this is sort-of by design.  in.ftpd(1), under "General FTP 
Extensions" reads:
}       A user whose FTP client hangs on a long reply, for example, a multiline
}       response, should use a dash (-) as the first character of the user's 
password,
}       as this disables the Server's lreply() function.
}
}However, this being the case, the password should be checked for correctness 
*first*, and *then* the first character checked for being '-' and if so that 
removed and then the password checked again.  Otherwise we see this broken 
behaviour. 
}Work Around  type a password of "-password" in FTP as "--password" 
}
}
}
}Abhilash
}Arjun
}

-- 
Sun Microsystems - India Engineering Centre
http://blogs.sun.com/jkini

Reply via email to