From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Mon, 1 Nov 2010 05:41:38 +0000 (-0600)
Subject: Bug 3090: Polish FTP login error handing
X-Git-Tag: SQUID_3_1_10~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=131b9661d505ecc2f4d32eae4efb7e6092e4a171;p=thirdparty%2Fsquid.git

Bug 3090: Polish FTP login error handing

Reverts a regression added recently that blocked the challenge events.
Fixes another potential nul-pointer dereference bug.

* 421/426 server overload equate to HTTP overload. But do special such that
  the credentials are asked of the browser on retries.

* 43x and 53x FTP status are all credentials failures of various types.
  Other failures are not credential related.
  This leaves the other non-credential errors as general failures.
---

diff --git a/src/ftp.cc b/src/ftp.cc
index 60848b2c74..edddc796aa 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -1982,16 +1982,24 @@ FtpStateData::loginFailed()
     ErrorState *err = NULL;
     const char *command, *reply;
 
-    if (state == SENT_USER || state == SENT_PASS) {
-        if (ctrl.replycode > 500) {
-            if (password_url)
+    if ((state == SENT_USER || state == SENT_PASS) && ctrl.replycode >= 400) {
+        if (ctrl.replycode == 421 || ctrl.replycode == 426) {
+            // 421/426 - Service Overload - retry permitted.
+            err = errorCon(ERR_FTP_UNAVAILABLE, HTTP_SERVICE_UNAVAILABLE, fwd->request);
+        } else if (ctrl.replycode >= 430 && ctrl.replycode <= 439) {
+            // 43x - Invalid or Credential Error - retry challenge required.
+            err = errorCon(ERR_FTP_FORBIDDEN, HTTP_UNAUTHORIZED, fwd->request);
+        } else if (ctrl.replycode >= 530 && ctrl.replycode <= 539) {
+            // 53x - Credentials Missing - retry challenge required
+            if (password_url) // but they were in the URI! major fail.
                 err = errorCon(ERR_FTP_FORBIDDEN, HTTP_FORBIDDEN, fwd->request);
             else
                 err = errorCon(ERR_FTP_FORBIDDEN, HTTP_UNAUTHORIZED, fwd->request);
-        } else if (ctrl.replycode == 421) {
-            err = errorCon(ERR_FTP_UNAVAILABLE, HTTP_SERVICE_UNAVAILABLE, fwd->request);
         }
-    } else {
+    }
+
+    // any other problems are general falures.
+    if (!err) {
         ftpFail(this);
         return;
     }