form@ has mentioned this bug to me on multiple occasions, so
here it goes: after the USER command has been given, any other
command excluding PASS produces double error. form@ says that
it confuses some clients. I'm not certain why would a client
send something else than a PASS, NOOP or HELP that all work,
but here it is.
Current (incorrect) behavior:
kemushi:~% telnet localhost 21
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 kemushi.esdenera.com FTP server ready.
USER anonymous
331 Guest login ok, send your email address as password.
TYPE
530 Please login with USER and PASS.
500 'TYPE': command not understood.
PASS me
230 Guest login ok, access restrictions apply.
QUIT
221 Goodbye.
Connection closed by foreign host.
Notice how 530 and 500 were both returned for the TYPE command
that is not valid in this context. Now with the proposed fix:
kemushi:~% telnet localhost 21
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 kemushi.esdenera.com FTP server ready.
USER anonymous
331 Guest login ok, send your email address as password.
TYPE
530 Please login with USER and PASS.
PASS me
230 Guest login ok, access restrictions apply.
QUIT
221 Goodbye.
Connection closed by foreign host.
Opinions?
Index: libexec/ftpd/ftpcmd.y
===================================================================
RCS file: /home/cvs/src/libexec/ftpd/ftpcmd.y,v
retrieving revision 1.65
diff -u -p -U5 -r1.65 ftpcmd.y
--- libexec/ftpd/ftpcmd.y 17 Apr 2017 21:49:01 -0000 1.65
+++ libexec/ftpd/ftpcmd.y 25 Apr 2017 17:03:39 -0000
@@ -954,10 +954,12 @@ check_login
if (logged_in)
$$ = 1;
else {
reply(530, "Please login with USER and PASS.");
$$ = 0;
+ state = 0;
+ YYABORT;
}
}
;
check_login_epsvall
