Bugs item #1757328, was opened at 2007-07-20 09:29
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1757328&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: ftp
Group: wrong behaviour
>Status: Closed
>Resolution: Accepted
Priority: 5
Private: No
Submitted By: Ralf S. Engelschall (rse)
Assigned to: Daniel Stenberg (bagder)
Summary: FTP login broken in 7.16.4 for servers not requesting PASS

Initial Comment:
cURL 7.16.4 introduced a bug in lib/ftp.c and
now is no longer able to download from
servers who do not request a PASSword:

| $ curl -v -o /dev/null ftp://ftp.gnu.org/gnu/m4/m4-1.4.9.tar.gz
| * About to connect() to ftp.gnu.org port 21 (#0)
| * Trying 140.186.70.20... connected
| * Connected to ftp.gnu.org (140.186.70.20) port 21 (#0)
| < 220 GNU FTP server ready.
| > USER anonymous
| < 230-Due to U.S. Export Regulations, all cryptographic software on this
| < 230-site is subject to the following legal notice:
| < 230-
| < 230- This site includes publicly available encryption source code
| < 230- which, together with object code resulting from the compiling of
| < 230- publicly available source code, may be exported from the United
| < 230- States under License Exception "TSU" pursuant to 15 C.F.R. Section
| < 230- 740.13(e).
| < 230-
| < 230-This legal notice applies to cryptographic software only. Please see
| < 230-the Bureau of Industry and Security (www.bxa.doc.gov) for more
| < 230-information about current U.S. regulations.
| < 230 Login successful.
| > PASS ftp_at_example.com
| < 500 Unknown command.
| * Access denied: 500
| * Closing connection #0
|
| curl: (67) Access denied: 500

The following patch fixes the problem by reversing
the code to what was present in cURL 7.16.3:

Index: lib/ftp.c
--- lib/ftp.c.orig 2007-07-02 00:01:19 +0200
+++ lib/ftp.c 2007-07-20 09:20:11 +0200
@@ -2371,8 +2371,7 @@
   struct ftp_conn *ftpc = &conn->proto.ftpc;
   (void)instate; /* no use for this yet */

- /* some need password anyway, and others just return 2xx ignored */
- if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
+ if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
     /* 331 Password required for ...
        (the server requires to send the user's password too) */
     NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");

This fixes cURL 7.16.4 and allows it to correctly
download from those servers again.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2007-07-20 11:36

Message:
Logged In: YES
user_id=1110
Originator: NO

Indeed a regression. Thanks for the report and fix, committed to CVS right
now.

Note to self: we should add a test case for this.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1757328&group_id=976
Received on 2007-07-20