From tri@pooh.tky.hut.fi Thu Apr 9 06:58:28 1998 Received: from santra.hut.fi (santra.hut.fi [130.233.224.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA28954 for ; Thu, 9 Apr 1998 06:58:27 -0700 (PDT) (envelope-from tri@pooh.tky.hut.fi) Received: from pooh.tky.hut.fi (pooh.tky.hut.fi [130.233.23.135]) by santra.hut.fi (8.8.8/8.8.7) with ESMTP id QAA29308 for ; Thu, 9 Apr 1998 16:58:23 +0300 (EET DST) Received: (from tri@localhost) by pooh.tky.hut.fi (8.8.8/8.8.8) id QAA10554; Thu, 9 Apr 1998 16:58:22 +0300 (EEST) (envelope-from tri) Message-Id: <199804091358.QAA10554@pooh.tky.hut.fi> Date: Thu, 9 Apr 1998 16:58:22 +0300 (EEST) From: "Timo J. Rinne" Reply-To: tri@pooh.tky.hut.fi To: FreeBSD-gnats-submit@freebsd.org Subject: ftp client follows NULL pointer X-Send-Pr-Version: 3.2 >Number: 6254 >Category: bin >Synopsis: ftp client follows NULL pointer >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Apr 9 07:00:01 PDT 1998 >Closed-Date: Mon Apr 13 16:37:28 PDT 1998 >Last-Modified: Mon Apr 13 16:38:46 PDT 1998 >Originator: Timo J. Rinne >Release: FreeBSD 3.0-971225-SNAP i386 >Organization: Helsinki University of Technology >Environment: ftp in i386 version of FreeBSD current >Description: Hit C-d to ftp client when it asks for username. It sends garbage to the remote end and receives password query for user that has id containing garbage. >How-To-Repeat: ftp my-ftp-server Connected to my-ftp-server. 220 taulu.ssh.fi FTP server (Version 6.00) ready. Name (taulu:tri): *** Control-D here with no username. 331 Password required for 0ο. Password: >Fix: Should be simple. Exit if NULL returned by username query. >Release-Note: >Audit-Trail: From: Max Euston To: "'tri@pooh.tky.hut.fi'" , "FreeBSD-gnats-submit@FreeBSD.ORG" Cc: Subject: RE: bin/6254: ftp client follows NULL pointer Date: Thu, 9 Apr 1998 15:06:30 -0400 On Thursday, April 09, 1998 9:58 AM, Timo J. Rinne [SMTP:tri@pooh.tky.hut.fi] wrote: > ftp my-ftp-server > > Connected to my-ftp-server. > 220 taulu.ssh.fi FTP server (Version 6.00) ready. > Name (taulu:tri): > *** Control-D here with no username. > 331 Password required for 0I?. > Password: > Are you sure you are running 'ftp' (client) *from* a FreeBSD box :-)? I have seen this happen when running 'ftp' from another system to connect to 'ftpd' (server) on a FreeBSD box. If you start 'ftp' with the '-d' (debug) option, it will show you what commands the client ('ftp') is sending to the server ('ftpd'). On my -STABLE system, 'ftp -d ' does *not* send a 'USER ' command when you enter Control-D at the 'Name (xxx:xxx):' prompt. On an AT&T system with 'ftp -d ', the Control-D sends "garbage" (unterminated string?) as you described, to 'ftpd' on the FreeBSD machine. If this is the case, I don't think that the 'ftpd' server on FreeBSD cou ld/should try to verify the user name (feel free to convince me otherwise :-)). If other clients ('ftp') send 'USER ', how would we verify user names with non-ascii character sets (i.e. with high bit set)? (I am by no means an expert when it comes to non-US character sets). Hope this helps. Max ----- Max Euston State-Changed-From-To: open->closed State-Changed-By: steve State-Changed-When: Mon Apr 13 16:37:28 PDT 1998 State-Changed-Why: This has been fixed by in both -stable and -current. Thanks to Max Euston for pointing this out. >Unformatted: