You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Robert Bossecker <Ro...@fresenius.de> on 1997/12/17 01:13:18 UTC

mod_proxy/1565: ftp proxy grabs files relative to login point, which may cause some confusion

>Number:         1565
>Category:       mod_proxy
>Synopsis:       ftp proxy grabs files relative to login point, which may cause some confusion
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Dec 16 16:20:00 PST 1997
>Last-Modified:
>Originator:     Robert.Bossecker@fresenius.de
>Organization:
apache
>Release:        1.2.4
>Environment:
any
>Description:
if you access a URL like:
ftp://ftpserver.ftp.server/dir1/dir2/dir3/file1
and the ftp-server is configured to push you somewhere in the hierarchy
(maybe /dir1/dir2/dir3)
the proxy module tries a 
cd dir1
cd dir2
cd dir3

these requests will fail because we are already in dir3
.
>How-To-Repeat:
sorry, because the only example i know is a URL with user and password.
the given patch works as described.
>Fix:
so here i got a quick modification of the source-code
by sending a "CWD /" at the beginning of the ftp session.


----------snip---------
*** apache_1.2.4.old/src/modules/proxy/proxy_ftp.c     Fri Aug 15 19:08:55 1997
--- apache_1.2.4/src/modules/proxy/proxy_ftp.c     Tue Dec 16 13:19:41 1997
***************
*** 595,600 ****
--- 595,623 ----
  /* this is what we must do if we don't know the OS type of the remote
   * machine
   */
+    /* explicitly set the directory to /, to prevent from
+      being trapped by ftp-servers, which already set the
+      actual directory */
+       
+       bputs("CWD /\015\012", f);
+         bflush(f);
+         Explain0("FTP: CWD /");
+ /* responses: 250, 421, 500, 501, 502, 530, 550 */
+ /* 1,3 error, 2 success, 4,5 failure */
+       i = ftp_getrc(f);
+         Explain1("FTP: returned status %d",i);
+       if (i == -1) {
+           kill_timeout(r);
+           return proxyerror(r, "Error sending to remote server");
+       }
+       if (i == 550) {
+           kill_timeout(r);
+           return NOT_FOUND;
+       }
+       if (i != 250) {
+           kill_timeout(r);
+           return BAD_GATEWAY;
+       }
      for (;;)
      {
        p = strchr(path, '/');
%0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]