cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-1762996 ] FTP logins are not RFC959 compliant

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sat, 28 Jul 2007 21:58:39 -0700

Bugs item #1762996, was opened at 2007-07-29 04:58
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1762996&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: ftp
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Sebastien WILLEMIJNS (sebone)
Assigned to: Daniel Stenberg (bagder)
Summary: FTP logins are not RFC959 compliant

Initial Comment:
hi,

I've noticed some FTP servers (detect and?) reject curl user(s) because PASS
command is sent even if anon password is not mandatory

in curl:
0000: USER anonymous
<= Recv header, 23 bytes (0x17)
0000: 230 Login successful.
=> Send header, 22 bytes (0x16)
0000: PASS ftp_at_example.com
<= Recv header, 22 bytes (0x16)
0000: 500 Unknown command.
== Info: Access denied: 500
== Info: Closing connection #0

In filezilla (log here)/mozilla & IE (with ethereal sniffing), core FTP commands are sent even with no
anonymous password:
Command: USER anonymous
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
[...]

********************************

RFC959 not mandatory tell us to use PASS (see latest
line about this RFC extract)

The following commands specify access control identifiers
         (command codes are shown in parentheses).

         USER NAME (USER)

            The argument field is a Telnet string identifying the user.The user identification is that which is required by the server for access to its file system. This command will normally be the first command transmitted by the user after the control connections are made (some servers may require this). Additional identification information in the form of a password and/or an account command may also be required bysome servers.

**********************************

RFC2228 (http://tools.ietf.org/html/rfc2228) in the "ASCII-ART graphic" (chapter 9 / state diagram) clearly ndicates PASS function is not mandatory and can be
bypassed if answer code begins by "2" ("2xy" in the cart)

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1762996&group_id=976
Received on 2007-07-29

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET