Hampton@DOCKMASTER.arpa (David R. Hampton) (07/09/87)
Description:
This bug has the potential to manifest on all Berkeley 4.2
hosts. It appears as a FTP client crashing immediately
after it receives the message:
"150Opening data connection...".
The real problem is in the handshaking protocol in the
dataconn routine of the FTP server daemon. This routine
can potentially send two replys to the client, where the
client only expects one.
Repeat by:
We encountered this bug repeatedly by running two FTPs
simultaneously, each doing batch transfers. It shouldn't
matter what the transport mechanism is, since the bug is
in the FTP daemon.
Fix by:
Fix my moving the 'success' reply to the end of the
dataconn routine, after both failure checks have been made.
Here are the diffs:
RCS file: RCS/ftpd.c,v
retreiving revision 1.1
diff -r1.1 ftpd.c
418,420d417
< reply(150, "Opening data connection for %s (%s,%d)%s.",
< name, inet_ntoa(data_dest.sin_addr.s_addr),
< ntohs(data_dest.sin_port), sizebuf);
433a431,433
> reply(150, "Opening data connection for %s (%s,%d)%s.",
> name, inet_ntoa(data_dest.sin_addr.s_addr),
> ntohs(data_dest.sin_port), sizebuf);
---David
+--------------------------------------------------------------+
| David R. Hampton Ma Bell:(301) 859-4537 |
| Hampton @ Dockmaster.ARPA |
+--------------------------------------------------------------+chris@mimsy.UUCP (Chris Torek) (07/10/87)
In article <8239@brl-adm.ARPA> Hampton@DOCKMASTER.arpa (David R. Hampton) writes: >This bug has the potential to manifest on all Berkeley 4.2 >hosts. The 4.2BSD FTP (server *and* client) is quite buggy. The 4.3 code is much better. If you are running 4.2BSD, convert to 4.3BSD as fast as you possibly can. -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690) Domain: chris@mimsy.umd.edu Path: seismo!mimsy!chris