Implement a timeout for SSL connection setup, using -q QUITTIME,
defaulting to 60 seconds.
SSL_connect(3) (unlike connect(2)) doesn't timeout by default.
Adapt ssl error messages destination: if unexpected error
from local API, use warn()/warnx() to stderr;
if expected error from a network operation (e.g., timeouts),
use fprintf to ttyout (which might be stdout).
Consistently use ftp_poll() instead of select();
ssl.c (using select()) was added 7 years after the
previous uses of select() were converted to poll().
Check EAGAIN as well as existing EINTR error from ftp_poll(),
for portability.
Use .Ql instead of .Sq Li, add some missing ones. Use .Pq instead of
explicit () for longer phrases - these are easier to read in the
postscript output b/c of extra spacing.
Add netrc processing to fetch-mode (URL on command line) to enable options and autologin
via netrc.
Fix SSL cleanup in some error paths.
Certificate validation is now enabled by default. Set FTPSSLNOVERIFY=1 in environment
or configure a corresponding init macro via netrc to not validate certs (required if
you haven't installed a required CA certificate for OpenSSL).
Discussed with lukem@ on icb.
Start the optstring with ":" (which implicitly disables opterr),
and handle '?' with optopt=='?' separately to ':'.
Fixes -? display of full usage on other platforms.
Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.
(Looks like copypasta from the initial addition of the code in rev 1.48.)
Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).
Previously a hostile server could cause ftp to open a data connection elsewhere.
Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)
Thanks to Simon Josefsson notifying me about
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*()
methods from ssl.c, instead of using stdio, as stdio isn't robust
when using interruptable signals.
Disable ssl-specific support in the fetch_*() methods if WITH_SSL
isn't defined, so SMALLPROG still doesn't have ssl support (as expected).
The resulting SMALLPROG binary is slightly larger than before
(e.g., 157KiB vs 153KiB on amd64).
Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.
PR install/56219
Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.
Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).
PR bin/56129
Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.
http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.
PR/55857
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
Add -? to display usage synopsis and help to stdout.
This allows for "ftp -? | less", which is more user friendly.
Errors still show usage to stderr.
Consistency improvements in some usage text.
Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().
Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().
Bug class reported by Joyu Liao from Juniper Networks.
Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
Use SIG_ERR not NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
Fix restoration of SIGQUIT; use the old handler not SIGPIPE's.
lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.
Reported in private mail by Qi Hou.
May also resolve a crash reported by Thomas Klausner.
have one backing implementation that returns different values and
types than the other. Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the the server resets our connection instead of
a warning that the right failed with an invalid argument.
The server used for testing was:
http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)
once upon a time doing this was part of the social glue that held the
community together, but that was a long time ago, and now it's just an
information leak.
proposed on tech-userlevel in 2008, then apparently forgotten :-|
lukem
