cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-1469799 ] FTP PORT command sends bad IP

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 18 Apr 2006 05:06:30 -0700

Bugs item #1469799, was opened at 2006-04-13 06:08
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1469799&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: ftp
Group: bad behaviour
Status: Open
Resolution: Invalid
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Daniel Stenberg (bagder)
Summary: FTP PORT command sends bad IP

Initial Comment:
While using libcurl 7.15.3 on a Linux Debian 3.1
platform to perform a FTP file listing (custom command
NLST *) in active mode. The client has a private IP and
 connects to the server through a FTP proxy.

Sometimes the listing succeeds (but note the strange
host name) :

* About to connect() to 132.456.789.12 port 21
* Trying 132.456.789.12... * connected
* Connected to 132.456.789.12 (132.456.789.12) port 21
* FTP 0x8d9919c state change from STOP to WAIT220
< 220 SERVER01 Microsoft FTP Service (Version 5.0).
> USER user
* FTP 0x8d9919c state change from WAIT220 to USER
< 331 Password required for user.
> PASS password
* FTP 0x8d9919c state change from USER to PASS
< 230 User user logged in.
> PWD
* FTP 0x8d9919c state change from PASS to PWD
< 257 "/user" is current directory.
* Entry path is '/user'
* FTP 0x8d9919c state change from PWD to STOP
* protocol connect phase DONE
* DO phase starts
* gethostbyname_r(2) failed for £@pOA
* Failed to resolve host name £@pOA
* Telling server to connect to 192.168.1.24:54115
> PORT 192,168,1,24,211,99
* FTP 0x8d9919c state change from STOP to PORT
< 200 PORT command successful.
* Connect data stream actively
* FTP 0x8d9919c state change from PORT to STOP
* DO phase is complete
* DO-MORE phase starts
> TYPE A
* FTP 0x8d9919c state change from STOP to LIST_TYPE
< 200 Type set to A.
> NLST *
* FTP 0x8d9919c state change from LIST_TYPE to LIST
< 150 Opening ASCII mode data connection for file list.
* Connection accepted from server
* FTP 0x8d9919c state change from LIST to STOP
* DO-MORE phase ends
< 226 Transfer complete.
* Connection #0 to host 132.456.789.12 left intact
> QUIT
* FTP 0x8d9919c state change from STOP to QUIT
< 221
* FTP 0x8d9919c state change from QUIT to STOP
* Closing connection #0

Sometimes it fails (because PORT gives server's IP
instead of its own IP):

* About to connect() to 132.456.789.12 port 21
* Trying 132.456.789.12... * connected
* Connected to 132.456.789.12 (132.456.789.12) port 21
* FTP 0x8c3a554 state change from STOP to WAIT220
< 220 SERVER01 Microsoft FTP Service (Version 5.0).
> USER user
* FTP 0x8c3a554 state change from WAIT220 to USER
< 331 Password required for user.
> PASS password
* FTP 0x8c3a554 state change from USER to PASS
< 230 User user logged in.
> PWD
* FTP 0x8c3a554 state change from PASS to PWD
< 257 "/user" is current directory.
* Entry path is '/user'
* FTP 0x8c3a554 state change from PWD to STOP
* protocol connect phase DONE
* DO phase starts
* Telling server to connect to 132.456.789.12:54054
> PORT 132,456,789,12,211,38
* FTP 0x8c3a554 state change from STOP to PORT
< 200 PORT command successful.
* Connect data stream actively
* FTP 0x8c3a554 state change from PORT to STOP
* DO phase is complete
* DO-MORE phase starts
> TYPE A
* FTP 0x8c3a554 state change from STOP to LIST_TYPE
< 200 Type set to A.
> NLST *
* FTP 0x8c3a554 state change from LIST_TYPE to LIST
< 150 Opening ASCII mode data connection for file list.
* Timeout while waiting for server connect
* DO-MORE phase ends
* Connection #0 to host 132.456.789.12 left intact
* FTP command PORT failed
> QUIT
* FTP 0x8c3a554 state change from LIST to QUIT
* FTP response reading failed
* Closing connection #0

It seems the code in ftp.c (v 1.349 2006/02/11
22:35:17) (line 1006) has a problem:

if(data->set.ftpport)

At this point, I could always see data->set.ftpport
being non null, either:
- a non significant value (the '£@pOA' from above)
- the value 'NLST *'

A convenient solution for me was to remove code from
line 1006 to 1042.

Hope this helps.
vincent.guer at neolane.net

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-04-18 05:06

Message:
Logged In: NO

This is not a bug, actually. The port address was the only
string parameter whose value was not kept unchanged along
the program execution. According to discussion
http://curl.haxx.se/mail/lib-2006-01/0188.html I first
believed this could be the same bug. Sorry for the confusion.
Vincent

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2006-04-17 13:55

Message:
Logged In: YES
user_id=1110

Can you provide a complete and actual code snippet that
fails for you? Is this with c-ares enabled? Is this
ipv6-enabled?

When setting FTPPORT to "-" it should get the address and
host name from the already used control connection, but I
can't really see how this can fail.

Any chance you can set a break-point in ftp_state_use_port()
and see exactly what happens in your troubling case?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2006-04-14 07:19

Message:
Logged In: NO

Below are the all the calls to libcurl and the verbose
output. This time, the test was performed on Windows
machines, both in a local network. Context is different but
the problem looks the same: libcurl tries to resolve a
strange hostname (I could find two different cases).
client: 192.168.2.151
server: 192.168.2.86

// Init
m_pCurlHandle = curl_easy_init();

// Reset
curl_easy_reset(m_pCurlHandle);
curl_easy_setopt(m_pCurlHandle, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(m_pCurlHandle, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt(m_pCurlHandle, CURLOPT_PROGRESSFUNCTION,
CommonProgressCallback);
curl_easy_setopt(m_pCurlHandle, CURLOPT_PROGRESSDATA,
m_pProgressHandler); // m_pProgressHandler = 0x0006f818
curl_easy_setopt(m_pCurlHandle, CURLOPT_WRITEFUNCTION,
CommonWriteCallback);
curl_easy_setopt(m_pCurlHandle, CURLOPT_WRITEDATA,
this); // this = 0x0006f818
curl_easy_setopt(m_pCurlHandle, CURLOPT_READFUNCTION,
CommonReadCallback);
curl_easy_setopt(m_pCurlHandle, CURLOPT_READDATA,
this); // this = 0x0006f818
curl_easy_setopt(m_pCurlHandle, CURLOPT_NOPROGRESS, 0);

//Set PORT address
curl_easy_setopt(m_pCurlHandle, CURLOPT_FTPPORT, "-");

// Set progress handler
curl_easy_setopt(m_pCurlHandle, CURLOPT_PROGRESSDATA,
m_pProgressHandler); // m_pProgressHandler = 0x0248d0bc

// Start download
curl_easy_setopt(m_pCurlHandle, CURLOPT_VERBOSE, TRUE);
curl_easy_setopt(m_pCurlHandle, CURLOPT_CUSTOMREQUEST,
"NLST");

// Perform
curl_easy_setopt(m_pCurlHandle, CURLOPT_URL,
"ftp://192.168.2.86:31");
curl_easy_perform(m_pCurlHandle);

* About to connect() to 192.168.2.86 port 31
* Trying 192.168.2.86... * connected
* Connected to 192.168.2.86 (192.168.2.86) port 31
< 220-FileZilla Server version 0.9.14a beta
< 220-written by Tim Kosse (Tim.Kosse_at_gmx.de)
< 220 Please visit http://sourceforge.net/projects/filezilla/
> USER anonymous
< 331 Password required for anonymous
> PASS curl_by_daniel_at_haxx.se
< 230 Logged on
> PWD
< 257 "/" is current directory.
* Entry path is '/'
* Could not resolve host: 192.168.2.86; No data record of
requested type
* Failed to resolve host name ftp://192.168.2.86:31
* Telling server to connect to 192.168.2.151:2512
> PORT 192,168,2,151,9,208
< 200 Port command successful
* Connect data stream actively
> TYPE A
< 200 Type set to A
> NLST
< 150 Opening data channel for directory list.
* Connection accepted from server
< 226 Transfer OK
> QUIT
< 221 Goodbye
* Closing connection #0

// Finish
curl_easy_cleanup(m_pCurlHandle);

Other message found:
* Could not resolve host: 192.168.2.86; No data record of
requested type
* Failed to resolve host name
¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦
¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦
¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦¯¦3
* Telling server to connect to 192.168.2.151:2569

Strings are of course not constant but I've checked they
were 8-bit encoded and null-terminated.

Thanks
Vincent

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2006-04-13 11:02

Message:
Logged In: YES
user_id=1110

You seem to have passed illegal data to a libcurl option.
This doesn't look like a curl bug.

Please submit a complete example to show us what you do and
to allow us to attempt to repeat the problem in our ends.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1469799&group_id=976
Received on 2006-04-18

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET