You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Robert Bossecker <Ro...@fresenius.de> on 1997/12/17 01:13:18 UTC
mod_proxy/1565: ftp proxy grabs files relative to login point, which may cause some confusion
>Number: 1565
>Category: mod_proxy
>Synopsis: ftp proxy grabs files relative to login point, which may cause some confusion
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Dec 16 16:20:00 PST 1997
>Last-Modified:
>Originator: Robert.Bossecker@fresenius.de
>Organization:
apache
>Release: 1.2.4
>Environment:
any
>Description:
if you access a URL like:
ftp://ftpserver.ftp.server/dir1/dir2/dir3/file1
and the ftp-server is configured to push you somewhere in the hierarchy
(maybe /dir1/dir2/dir3)
the proxy module tries a
cd dir1
cd dir2
cd dir3
these requests will fail because we are already in dir3
.
>How-To-Repeat:
sorry, because the only example i know is a URL with user and password.
the given patch works as described.
>Fix:
so here i got a quick modification of the source-code
by sending a "CWD /" at the beginning of the ftp session.
----------snip---------
*** apache_1.2.4.old/src/modules/proxy/proxy_ftp.c Fri Aug 15 19:08:55 1997
--- apache_1.2.4/src/modules/proxy/proxy_ftp.c Tue Dec 16 13:19:41 1997
***************
*** 595,600 ****
--- 595,623 ----
/* this is what we must do if we don't know the OS type of the remote
* machine
*/
+ /* explicitly set the directory to /, to prevent from
+ being trapped by ftp-servers, which already set the
+ actual directory */
+
+ bputs("CWD /\015\012", f);
+ bflush(f);
+ Explain0("FTP: CWD /");
+ /* responses: 250, 421, 500, 501, 502, 530, 550 */
+ /* 1,3 error, 2 success, 4,5 failure */
+ i = ftp_getrc(f);
+ Explain1("FTP: returned status %d",i);
+ if (i == -1) {
+ kill_timeout(r);
+ return proxyerror(r, "Error sending to remote server");
+ }
+ if (i == 550) {
+ kill_timeout(r);
+ return NOT_FOUND;
+ }
+ if (i != 250) {
+ kill_timeout(r);
+ return BAD_GATEWAY;
+ }
for (;;)
{
p = strchr(path, '/');
%0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]