From dad0fe12628867cc871c8f2e40e8c063bbc2a532 Mon Sep 17 00:00:00 2001 From: hno <> Date: Sun, 4 Apr 2004 21:05:13 +0000 Subject: [PATCH] Bug #877: Squid doesn't follow telnet protocol on FTP control connections Squid forgot to escape IAC characters (ascii code 255) in FTP requests, causing problems to access files/directories using this character in their name or to log in with this character in the login or password. --- src/cf.data.pre | 19 ++++++++++++++++++- src/ftp.cc | 41 +++++++++++++++++++++++++++++++++++++++-- src/structs.h | 3 ++- 3 files changed, 59 insertions(+), 4 deletions(-) diff --git a/src/cf.data.pre b/src/cf.data.pre index 5ebdc323c0..2e4709c4b0 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.346 2004/04/04 13:57:30 hno Exp $ +# $Id: cf.data.pre,v 1.347 2004/04/04 15:05:13 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -1443,6 +1443,23 @@ DOC_START Squid to perform these checks then turn this directive off. DOC_END +NAME: ftp_telnet_protocol +TYPE: onoff +DEFAULT: on +LOC: Config.Ftp.telnet +DOC_START +The FTP protocol is officially defined to use the telnet protocol +as transport channel for the control connection. However, many +implemenations are broken and does not respect this aspect of +the FTP protocol. + +If you have trouble accessing files with ASCII code 255 in the +path or similar problems involving this ASCII code then you can +try setting this directive to off. If that helps report to the +operator of the FTP server in question that their FTP server +is broken and does not follow the FTP standard. +DOC_END + NAME: cache_dns_program TYPE: string IFDEF: USE_DNSSERVERS diff --git a/src/ftp.cc b/src/ftp.cc index 8c8e823332..8b1c8d63ff 100644 --- a/src/ftp.cc +++ b/src/ftp.cc 
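Review bot: The help text added for `ftp_telnet_protocol` never states what the directive does. Judging from the ftp.cc part of this patch, `on` doubles byte 255 (telnet IAC) in commands written to the FTP control connection and `off` sends the bytes unchanged. A sentence such as `When on, Squid escapes ASCII code 255 (telnet IAC) in FTP commands as the telnet protocol requires.` would let an operator judge the effect before switching it off. The same paragraph has two wording slips in user-facing text: `implemenations` should be `implementations`, and `are broken and does not respect` should read `are broken and do not respect`.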
@@ -1,6 +1,6 @@ /* - * $Id: ftp.cc,v 1.356 2004/04/04 14:47:06 hno Exp $ + * $Id: ftp.cc,v 1.357 2004/04/04 15:05:13 hno Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -1429,18 +1429,55 @@ ftpStart(FwdState * fwd) /* ====================================================================== */ +static char * +escapeIAC(const char *buf) +{ + int n; + char *ret; + unsigned const char *p; + unsigned char *r; + + for (p = (unsigned const char *)buf, n = 1; *p; n++, p++) + if (*p == 255) + n++; + + ret = (char *)xmalloc(n); + + for (p = (unsigned const char *)buf, r=(unsigned char *)ret; *p; p++) { + *r++ = *p; + + if (*p == 255) + *r++ = 255; + } + + *r++ = '\0'; + assert((r - (unsigned char *)ret) == n ); + return ret; +} + static void ftpWriteCommand(const char *buf, FtpStateData * ftpState) { + char *ebuf; debug(9, 5) ("ftpWriteCommand: %s\n", buf); + + if (Config.Ftp.telnet) + ebuf = escapeIAC(buf); + else + ebuf = xstrdup(buf); + safe_free(ftpState->ctrl.last_command); + safe_free(ftpState->ctrl.last_reply); - ftpState->ctrl.last_command = xstrdup(buf); + + ftpState->ctrl.last_command = ebuf; + comm_write(ftpState->ctrl.fd, ftpState->ctrl.last_command, strlen(ftpState->ctrl.last_command), ftpWriteCommandCallback, ftpState); + ftpScheduleReadControlReply(ftpState, 0); } diff --git a/src/structs.h b/src/structs.h index 69cd4ee34a..51e576f0fb 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.485 2004/04/03 14:07:39 hno Exp $ + * $Id: structs.h,v 1.486 2004/04/04 15:05:13 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -604,6 +604,7 @@ struct _SquidConfig char *anon_user; int passive; int sanitycheck; + int telnet; } Ftp; -- 2.47.2
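Review bot: In `ftpWriteCommand` the telnet-escaped copy is what ends up in `ftpState->ctrl.last_command`, so any code that later reads that field sees the wire form with every 0xFF byte doubled rather than the command as issued. No such reader is visible in this hunk, so this needs checking against the rest of ftp.cc and any error-reporting path. If the wire form is intended, say so at the assignment, e.g. `/* wire form: IAC (255) doubled when Config.Ftp.telnet is on */`. In `escapeIAC`, `n` is an `int` that grows by one or two per input byte and is then passed to `xmalloc`; declaring it `size_t n;` and asserting `(size_t)(r - (unsigned char *)ret) == n` avoids signed overflow on a very long command. The helper also lacks a header comment saying that it returns a newly allocated string the caller must free and that it doubles IAC as the telnet protocol requires.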