]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 69b6459)
Bug 3090: Polish FTP login error handing
authorAmos Jeffries <amosjeffries@squid-cache.org>
Mon, 1 Nov 2010 05:41:38 +0000 (23:41 -0600)
committerAmos Jeffries <amosjeffries@squid-cache.org>
Mon, 1 Nov 2010 05:41:38 +0000 (23:41 -0600)
Reverts a regression added recently that blocked the challenge events.
Fixes another potential nul-pointer dereference bug.

* 421/426 server overload equate to HTTP overload. But do special such that
  the credentials are asked of the browser on retries.

* 43x and 53x FTP status are all credentials failures of various types.
  Other failures are not credential related.
  This leaves the other non-credential errors as general failures.

src/ftp.cc patch | blob | blame | history

diff --git a/src/ftp.cc b/src/ftp.cc
index 60848b2c747d336f5334cc9f57d47c45023161d6..edddc796aa60c2062e3515aeb7b62ed975c98b41 100644 (file)
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -1982,16 +1982,24 @@ FtpStateData::loginFailed()
     ErrorState *err = NULL;
     const char *command, *reply;
 
-    if (state == SENT_USER || state == SENT_PASS) {
-        if (ctrl.replycode > 500) {
-            if (password_url)
+    if ((state == SENT_USER || state == SENT_PASS) && ctrl.replycode >= 400) {
+        if (ctrl.replycode == 421 || ctrl.replycode == 426) {
+            // 421/426 - Service Overload - retry permitted.
+            err = errorCon(ERR_FTP_UNAVAILABLE, HTTP_SERVICE_UNAVAILABLE, fwd->request);
+        } else if (ctrl.replycode >= 430 && ctrl.replycode <= 439) {
+            // 43x - Invalid or Credential Error - retry challenge required.
+            err = errorCon(ERR_FTP_FORBIDDEN, HTTP_UNAUTHORIZED, fwd->request);
+        } else if (ctrl.replycode >= 530 && ctrl.replycode <= 539) {
+            // 53x - Credentials Missing - retry challenge required
+            if (password_url) // but they were in the URI! major fail.
                 err = errorCon(ERR_FTP_FORBIDDEN, HTTP_FORBIDDEN, fwd->request);
             else
                 err = errorCon(ERR_FTP_FORBIDDEN, HTTP_UNAUTHORIZED, fwd->request);
-        } else if (ctrl.replycode == 421) {
-            err = errorCon(ERR_FTP_UNAVAILABLE, HTTP_SERVICE_UNAVAILABLE, fwd->request);
         }
-    } else {
+    }
+
+    // any other problems are general falures.
+    if (!err) {
         ftpFail(this);
         return;
     }
Mirror of https://github.com/squid-cache/squid.git