From: Daniel Stenberg Date: Sun, 5 Jun 2022 20:23:46 +0000 (+0200) Subject: ftp: when failing to do a secure GSSAPI login, fail hard X-Git-Tag: curl-7_84_0~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6754f993980741a63cea15051bf4d9beb247afa6;p=thirdparty%2Fcurl.git ftp: when failing to do a secure GSSAPI login, fail hard ... instead of switching to cleartext. For the sake of security. Reported-by: Harry Sintonen Bug: https://hackerone.com/reports/1590102 Closes #8963
---
diff --git a/lib/ftp.c b/lib/ftp.c
index 346197470e..55c4e10aa5 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2702,10 +2702,11 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
 set a valid level */
 Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);
- if(Curl_sec_login(data, conn))
- infof(data, "Logging in with password in cleartext");
- else
- infof(data, "Authentication successful");
+ if(Curl_sec_login(data, conn)) {
+ failf(data, "secure login failed");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+ infof(data, "Authentication successful");
 }
 #endif
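Review bot: The new failure branch returns `CURLE_WEIRD_SERVER_REPLY`, the generic code for any unexpected reply, so an application or its logs cannot tell a refused cleartext fallback apart from an ordinary protocol oddity. A failed GSSAPI negotiation is also what an on-path party interfering with the security exchange would cause, so a login-specific code such as `return CURLE_LOGIN_DENIED;` would make the event easier to alert on, if that fits the library's error-code conventions. The branch would also benefit from a comment recording the intent, e.g. `/* never fall back to a cleartext login when a secure GSSAPI login was requested */`. ftp_statemachine's body starts and ends outside the hunk, so whether the early return skips any later cleanup cannot be confirmed from this view.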