You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Ted Keller <ke...@bfg.com> on 1999/08/03 21:00:43 UTC

mod_proxy/4811: FTP Proxy Fails to retrieve files if hidden directory is in its path

>Number:         4811
>Category:       mod_proxy
>Synopsis:       FTP Proxy Fails to retrieve files if hidden directory is in its path
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Aug  3 12:10:00 PDT 1999
>Last-Modified:
>Originator:     keller@bfg.com
>Organization:
apache
>Release:        1.3.6
>Environment:
Solaris 2.7
gcc-2.8.1
Socks5 support
>Description:
The ftp proxy, after connected, parses the url and performs a series of CWDs
to walk the file path.  On Microsoft ftp servers (have not tested on others), if
one of the directories is hidden, the CWD fails with a 550 return code and a file 
not found is returned to the client.  Using direct client against the Microsoft FTP
proxy, the file/directory is found and displayed.  

Another issue suspected is the Micro ftp server does not recognize the SIZE command.
This will then cause problem in determining if the final token of the URL is a file 
or directory item.
>How-To-Repeat:
Site visited is private. 
>Fix:
perform a CWD on the complete URL path name.  If that fails, assume the final token
is a file and execute a simple get on the file.  If the CWD succeeds, perform the 
standard list function.

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]