Home | History | Annotate | Download | only in ftpd
History log of /src/libexec/ftpd/popen.c
RevisionDateAuthorComments
 1.38  17-Mar-2016  christos volatile for gcc 5
 1.37  20-Mar-2010  christos PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
 1.36  18-Mar-2009  lukem Fix 'vfork clobber' warning on vax.
Problem noted by and fix confirmed by Olaf 'Rhialto' Seibert.
 1.35  15-Mar-2009  lukem Fix WARNS=4 issues (const & sign mismatches, etc)
Ensure various ftpd.conf values can't exceed their underlying types.
 1.34  13-Sep-2008  lukem branches: 1.34.4; 1.34.6; 1.34.8; 1.34.10;
Crank copyright dates
 1.33  09-Jun-2008  lukem Don't use non-standard "u_<foo>" types.
Strip trailing whitespace (as well as ':'s) off PAM password prompts.
Improve some debug logging related to PAM.
 1.32  28-Apr-2008  martin branches: 1.32.2;
Remove clause 3 and 4 from TNF licenses
 1.31  01-Feb-2006  christos branches: 1.31.4; 1.31.18;
debug -> ftpd_debug
xstrdup -> ftpd_strdup
 1.30  09-Aug-2004  lukem Fixes from (or inspired by) OpenBSD:
* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.

My stuff:
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue. (I also can't find the reference in
RFC2228 where MIC, CONF & ENC are OOB-only commands. Go figure.)
I could clean up the is_oob stuff some more, but the remaining stuff
in ftpcmd.y is harmless and it's unnecessary churn right this moment.
 1.29  07-Aug-2003  agc branches: 1.29.2;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22284, verified by myself.
 1.28  16-Jan-2003  kleink Rename `sigset' locals to avoid symbol shadowing warning.
 1.27  01-Dec-2001  lukem branches: 1.27.2;
- enable case insensitive fnmatch(3)ing for hostname globs in ftpusers(5)
- enable WARNS=2
 1.26  25-Apr-2001  lukem crank copyrights of files changed this year
remove superfluous byte_count update in send_file_list
crank version
 1.25  18-Mar-2001  christos don't leak globbed memory.
 1.24  16-Mar-2001  christos Use GLOB_LIMIT. Also fix a bug where gl_offs was not initialized and could
contain trash.
 1.23  30-Nov-2000  lukem - move password checking into separate valid_passwd() function, to assist
in porting to other systems.
- don't syslog() or setproctitle() "ACCT" lines (as per "PASS")
- replace #ifdef HASSETPROCTITLE with #if HAVE_SETPROCTITLE, and set the
latter #ifdef BSD4_4
- don't compile in internal `ls' #ifdef NO_INTERNAL_LS. will need Makefile
support if this is to be used on NetBSD.
 1.22  20-May-2000  lukem branches: 1.22.4;
- Always close(pdata) if it was a valid filedescriptor before setting it to -1.
Problem noted in [bin/9642] by Takahiro Kambe <taca@sky.yamashina.kyoto.jp>,
(part of which already had been solved by itojun a while ago), and provided
patch covered most of the fixes needed. (Thanks Takahiro!)
- Consistently indent goto labels by one space.
 1.21  20-May-2000  lukem convert to ANSI C as per style guide
 1.20  05-Mar-2000  lukem * don't bother with a version[] string, just use the macro as appropriate
* clean some more of the GLOBAL stuff
* fix unused var if -UHASSETPROCTITLE
 1.19  12-Jan-2000  lukem * add ftpd.conf directive `portrange class min max', which allows specification
of the port range used by passive connections. based on work in [bin/9158]
from Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
* change the way global variables are defined and extern-ed to be more
consistent.
 1.18  12-Dec-1999  lukem * change format of /etc/ftpusers lines from
userglob [allow|deny]
to
userglob[@host] [allow|deny [classname]]
where class is a userdefined classname.
- if host is given it may either be a CIDR address (e.g, `1.2.3.0/24') or a
hostglob (e.g, `*.foo.com'), and the remote host is matched against that.
- if classname is given, use that to match entries in ftpd.conf (defaults
to `guest' for `anonymous'/`ftp' logins, `chroot' for users found in
/etc/ftpchroot, and `real' for everyone else.

* implement new /etc/ftpd.conf directives:
classtype classname type set type of classname to GUEST, CHROOT, or REAL
motd classname file file to use instead of /etc/motd
rateget classname rate set rateget throttle to rate
rateput classname rate set rateput throttle to rate
upload classname allow/deny uploads (STOU, STOR, APPE). if
denied, also acts as `modify deny'.

* implement new `SITE' commands:
RATEGET as per /etc/ftpd.conf rateget, but cannot exceed that
RATEPUT as per /etc/ftpd.conf rateput, but cannot exceed that

* implement format_file(), which outputs a file to the user, parsing %
escapes. use to print /etc/ftpwelcome, /etc/motd, and the `display' file.

* implement strsuftoi() (from ftp(1)), which parses a number and
optional suffix (for use with rateget, etc)

* don't bother seteuid(0) ; bind(...) ; seteuid(pw->pw_uid), since
we don't need reserved ports (at wasn't getting them anyway).

* update & reorder copyrights

* use strlcpy() as appropriate
 1.17  07-Dec-1999  lukem * change ftpd_popen() to take char *argv[] instead of char *cmd.
the string tokenisation must be performed by the caller (which is
generally easy because it's almost always a static command).
* change do_conversion() to return a char *argv[] instead of char *cmd.
tokenisation of the command is done internally.
* change retrieve() to take char *argv[] instead of char *cmd.
(to take advantage of the above changes). fixes [bin/8173]
* use fparseln() instead of fgetln()
* store conversions in listed order (rather than reverse order)
* use stringlists instead of handrolling code to manage an argv.
 1.16  25-Aug-1999  christos branches: 1.16.4;
more kerberos5 fixes
 1.15  18-May-1999  lukem * fix a problem in retrieve() where arguments to commands weren't working
(this was broken in the last commit). problem noticed by simonb@
* don't display the stderr output of the internal ls.
* modify usage of lreply so that generally only one `XXX-' code per
`block' is displayed; the rest of the lines have four spaces instead.
i find this easier to read.
* fix a couple places where byte accounting wasn't correct
 1.14  17-May-1999  lukem features/fixes:
* implement xferstats. full stats are displayed for `STAT', and a
summary is displayed upon exit (and syslogged). inspired by wu-ftpd.
* wrap data xfers in {send,receive}_data with alarm() timeouts. this
should remove the majority of the `hanging ftpd' problems that
people were still seeing. inspired by wu-ftpd.
* link with ../../bin/ls, so that bin/ls is not required under a
chroot()ed area for `LIST' to work. based on [bin/4497] from
"Soren S. Jorvang" <soren@t.dk>
* migrate code from util.c into ftpd.c, so that it doesn't conflict
with ls' util.c.
* remove man page comment about ~ftp/bin/ls being necessary.
* bump version to 7.2.0.
* syslog xfer time with xfer stats.
* if appropriate, syslog error message with command.

internal code stuff:
* change arguments of various functions from `char *' to `const char *'.
* define PLURAL(x) macro, which returns `' if x == 1, `s' otherwise.
use macro appropriately
* lreply(): a code of -1 means ``send line as is''. a code of 0
means ``send line with 4 space prefix''. don't print a space after
the `-' for any other code.
* logcmd(): add `const struct timeval *elapsed' and `const char *error'
for more flexible error reporting
 1.13  24-Feb-1999  explorer branches: 1.13.2;
Make this build with KERBEROS5 defined.
 1.12  28-Dec-1998  lukem * replace LOG(CMD|BYTES) macros with logcmd(), which is a cleaner
solution with less code replication. use realpath() in logcmd() so
that all logged filenames are sane.
* support `REST STREAM' in `FEAT' reply (from draft-ietf-ftpext-mlst-05)
* in 'HELP', suffix unimplemented commands with `-' instead of `*'; the
former is easier to differentiate from `+'.
* deprecate curdir() now that logcmd() doesn't use it.
* ensure all filename buffers are at least MAXPATHLEN+1 in size.
* move jmp_buf errcatch out of extern.h, removing need to #include <setjmp.h>
in every file.
 1.11  06-Sep-1998  lukem * complete fix for `multiple replies returned for single parse error'
problem; move `hasyyerrored' state flag out of yylex() so that
check_{login,modify} can also set it.
* check result of check_login for PORT command
* set initial timeout before the "setjmp(); for(;;) yyparse()",
otherwise an invalid command after login incorrectly sets the timeout
to 5 minutes (rather than what was set in ftpd.conf)
* replace (char *)0 with NULL
* move yyerror() from ftpd.c to ftpcmd.y
* remove need for -Dunix, by using the version string from ftpd.c
(instead of `BSD-199506')
* move all extern-ed vars into extern.h
 1.10  19-Jun-1998  kleink GLOB_QUOTE is dead; per POSIX, backslash quoting of special characters being
enabled is the default behaviour.
 1.9  08-Jun-1998  lukem support displaying the stderr output from a LIST or a conversion to
the user at the end of a transfer.
this generates a file in /tmp, so anonymous requires a
writable ~ftp/tmp, which you may not want to do (because it may
allow people to unwanted upload files).

XXX: a better method of storing the stderr output would be nice, but
is a lot more effort to implement. this feature can at least be
used temporarily whilst debugging why an ftp conversion doesn't
work.
 1.8  18-Jun-1997  christos - Pass gcc -Wall
- Fix incorrect const poisoning
- Fix ftpd_popen to dynamically allocate strings to avoid buffer overruns.
 1.7  14-Jun-1997  lukem * implement /etc/ftpd.conf, which adds support for the following features,
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
 1.6  27-Apr-1997  lukem * fix "cd ~" so that it works (from Simon Burge <simonb@telstra.com.au>
* move resetting of CFLAGS on powerpc to before optional CFLAGS settings
* minor code & man page cleanups
 1.5  11-Apr-1995  cgd clean up RCS Id's and a couple of stype nits.
Also, fix bug 947 (reported by Luke Mewburn, extraneous vers.c)
 1.4  21-Mar-1995  mycroft Use POSIX signals.
 1.3  29-Jun-1994  deraadt 4.4-lite, plus our local changes
 1.2  01-Aug-1993  mycroft Add RCS identifiers.
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.2  29-Mar-1997  cjs 4.4BSD-lite2 import.
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.13.2.1  01-Apr-2001  he Pull up revision 1.24 (requested by christos):
Fixes buffer overflow problems in glob(3). Adds and uses GLOB_LIMIT
to prevent denial of service attacks.
 1.16.4.1  27-Dec-1999  wrstuden Pull up to last week's -current.
 1.22.4.2  26-Aug-2004  jmc Pullup rev 1.26-1.30 (requested by he in ticket #158)

Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
 1.22.4.1  29-Mar-2001  lukem sync ftpd to -current with the following revisions (for lukem/christos):
Makefile 1.43-1.44
cmds.c 1.7-1.8, 1.10-1.12
conf.c 1.35-1.40
extern.h 1.32-1.38
ftpcmd.y 1.53-1.59
ftpd.8 1.58-1.63
ftpd.c 1.102-1.104, 1.106-1.122
ftpd.conf.5 1.12-1.15
ftpusers.5 1.8
logwtmp.c 1.16
popen.c 1.23-1.25
version.h 1.28

a quick summary of user-visible changes;
- fix glob DoS by using GLOB_LIMIT
- add ftpd.conf directives `advertise', `maxfilesize', `sanenames'
- add flags: -P dataport, -X - wuftpd style log entries,
-q/-Q - (en|dis)able pidfiles, -u/-U - (en|dis)able utmp,
-w/-W - (en|dis)able wtmp
 1.27.2.1  31-Aug-2004  jmc Pullup rev 1.28-1.30 (requested by he in ticket #1739)

Update to NetBSD ftpd 20040809. Fixes SA#2004-009.
 1.29.2.1  12-Aug-2004  jmc Pullup rev 1.30 (requested by lukem in ticket #757)

* Fix yacc parser error recovery so that setjmp(3)/longjmp(3) is unnecessary.
* Fix SIGURG handler to set an urgflag that's later tested, rather than
abusing setjmp(3)/longjmp(3).
* Use "volatile sig_atomic_t" as the type of variables modified by sig handlers.
* Use sigaction(3) instead of signal(3) to set the signal handlers.
* Only set the main SIGALRM handler once. If we need to change it,
cache the old handler and restore appropriately...
* Remove a bunch of signal races by improving the signal handlers.
* Fix memory leak with 'ESPV ALL'.
* Clean up the debug message in reply(); use vsnprintf(3) instead of vsyslog(3).
* Rework parsing of OOB commands to _not_ use the yacc parser, since the
latter isn't reentrant and the hacks to work around that are ugly.
We now examine urgflag at appropriate locations and call handleoobcmd()
if it's set. Since the only OOB commands we currently implement are
ABOR and STAT, this isn't an issue.
 1.31.18.2  17-Jun-2008  yamt sync with head.
 1.31.18.1  18-May-2008  yamt sync with head.
 1.31.4.1  13-Jun-2010  riz Pull up following revision(s) (requested by dholland in ticket #1395):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
 1.32.2.2  24-Sep-2008  wrstuden Merge in changes between wrstuden-revivesa-base-2 and
wrstuden-revivesa-base-3.
 1.32.2.1  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.34.10.1  21-Apr-2010  matt sync to netbsd-5
 1.34.8.1  12-Apr-2010  snj Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)
 1.34.6.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.34.4.1  12-Apr-2010  snj Pull up following revision(s) (requested by lukem in ticket #1372):
libexec/ftpd/popen.c: revision 1.37
PR/43023: Bruce Cran: FTPD bug remote crash
Since we specify NOCHECK, in the NOMATCH case gl_pathv can be NULL.
(From FreeBSD)

RSS XML Feed