Commit Graph

662 Commits

Author SHA1 Message Date
andvar 1899cf5c74 s/bninary/binary/ in comment. 2023-01-20 22:08:48 +00:00
lukem 549e7721e4 update ftp version to 20220911
PR/57003: Handle relative URLs (patch by kim@)
2022-09-22 03:31:04 +00:00
christos b014ae325d Disable verification for now until we implement installation of trust anchors. 2022-09-12 15:10:31 +00:00
christos 4cd84277f2 PR/57003: Handle relative URLs (patch by kim@) 2022-09-11 20:49:27 +00:00
christos 42e6ad3ad9 Add cert verification, together with an environment variable "NO_CERT_VERIFY",
to turn it off.
2022-08-30 08:51:28 +00:00
andvar 6478b40555 s/blity/bility/ in various words, mainly in comments. 2022-08-06 18:26:41 +00:00
lukem 8c92a88f00 ftp: fix -? more portably
Start the optstring with ":" (which implicitly disables opterr),
and handle '?' with optopt=='?' separately to ':'.
Fixes -? display of full usage on other platforms.
2021-10-09 09:07:20 +00:00
rillig 133e932a29 usr.bin: remove unnecessary lint comment CONSTCOND
Since 2021-01-31, lint no longer warns about 'do ... while (0)'.

No functional change.
2021-09-10 21:52:17 +00:00
rillig ac83d301f8 ftp: fix undefined behavior when parsing FEAT
lint says: warning: argument to 'function from <ctype.h>' must be cast
to 'unsigned char', not to 'int' [342]
2021-08-27 17:35:03 +00:00
lukem fe59185633 update ftp version to 20210826
Version bump for PASV/LPSV address validation
2021-08-26 06:25:59 +00:00
lukem e6d740a8e7 ftp: remove unnecessary variable assignments
Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.

(Looks like copypasta from the initial addition of the code in rev 1.48.)
2021-08-26 06:23:24 +00:00
lukem 819e578d6a ftp: validate address from PASV and LPSV response
Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).

Previously a hostile server could cause ftp to open a data connection elsewhere.

Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)

Thanks to Simon Josefsson notifying me about
  https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
2021-08-26 06:16:29 +00:00
andvar 4b2769fe52 fix typos in word "otherwise". 2021-08-01 15:29:29 +00:00
christos ee9a791b28 Use raw write(2) instead of fwrite(3) to avoid stream corruption because
of the progress bar interrupts. From RVP.
2021-07-06 09:26:47 +00:00
lukem b6f942120f use fetch_*() for I/O with SMALLPROG / !WITH_SSL builds
Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*()
methods from ssl.c, instead of using stdio, as stdio isn't robust
when using interruptable signals.

Disable ssl-specific support in the fetch_*() methods if WITH_SSL
isn't defined, so SMALLPROG still doesn't have ssl support (as expected).

The resulting SMALLPROG binary is slightly larger than before
(e.g., 157KiB vs 153KiB on amd64).

Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.

PR install/56219
2021-06-03 10:23:33 +00:00
lukem 689eea59e5 set SO_KEEPALIVE on control connection
Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.

Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).

PR bin/56129
2021-06-03 10:11:00 +00:00
lukem 9f8e2c9192 ftp(1): consistently use FTP for protocol use. 2021-04-25 09:09:55 +00:00
lukem 094f09734d ftp(1): consistent Ic (not Nm) for commands 2021-04-25 08:46:19 +00:00
lukem 4f096ae03f better XXX comment for buggy ftp server 2021-04-25 08:26:35 +00:00
lukem 5a12b29797 ftp(1): more $https_proxy documentation
Document $https_proxy in ENVIRONMENT.
(It was already documented elsewhere).

Fixes PR bin/51883
2021-01-31 08:59:40 +00:00
lukem 5650392b38 ftp(1): fix description of "debug"
"debug" command and documentation got accidentally renamed
to "ftp_debug" 13 years ago, and was only partially fixed.
2021-01-06 09:15:59 +00:00
lukem 920389c199 ftp: don't use restartable signals
Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.

ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.

http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.

PR/55857
2021-01-06 04:43:14 +00:00
mrg cb93b81028 add support for new GCC 9 warnings that may be too much to fix
right now.  new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.

apply to a bunch of the tree.  mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it.  (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.)  clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
2020-09-06 07:20:26 +00:00
lukem 6ded57f3ab ftp: add -? for help. improve synopsis
Add -? to display usage synopsis and help to stdout.
This allows for "ftp -? | less", which is more user friendly.
Errors still show usage to stderr.
Consistency improvements in some usage text.
2020-07-18 03:00:37 +00:00
uwe 7bb9dbe9f7 Try to improve markup for better PostScript output. 2020-07-15 19:23:44 +00:00
uwe 7eb2a579d9 Do not use "[...]", just "..." is enough.
Conventionally the ellipsis already expresses optional repetition,
e.g. .Ar without arguments produces "file ...".
2020-07-15 17:36:38 +00:00
pgoyette 0c228d5c9c Remove now-extraneous Op since we already have Oo and Oc to enclose
the Ar port.
2020-07-15 16:41:16 +00:00
lukem 960cec782f ftp.1: don't wrap "[[user@]host [port]]" 2020-07-15 08:56:05 +00:00
lukem 5a6e9afc87 ftp(1): consistency tweaks 2020-07-13 11:17:14 +00:00
lukem 123e840f8b ftp.c: improve signal handler restoration
Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().
Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().
Bug class reported by Joyu Liao from Juniper Networks.

Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
2020-07-11 02:19:31 +00:00
lukem 0eaa71357e fetch_url: improve signal handler restoration
Use SIG_ERR not NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.

Fix restoration of SIGQUIT; use the old handler not SIGPIPE's.
2020-07-11 00:29:38 +00:00
lukem 31aae2d731 ftp: exit if lostpeer invoked by a signal
lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.

Reported in private mail by Qi Hou.
May also resolve a crash reported by Thomas Klausner.
2020-06-08 01:33:27 +00:00
lukem b310c98c56 update ftp version to 20190622 2020-02-26 05:55:27 +00:00
christos 4a69030bcd trim down error checking if we are small. 2019-06-22 23:40:53 +00:00
christos 9bedb72e28 make this compile again with -DNO_PROGRESS 2019-06-22 23:40:33 +00:00
christos e35c1a2b0b redo the connection waiting handling to make it more clear. 2019-04-07 00:44:54 +00:00
christos a5b9754eb4 Make fetch_read() return size_t like fread() does. It is bogus to
have one backing implementation that returns different values and
types than the other.  Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the the server resets our connection instead of
a warning that the right failed with an invalid argument.

The server used for testing was:
	http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)
2019-04-04 00:36:09 +00:00
martin c3c1b1c5e7 Try to avoid a (bogus) fatal warning from clang. 2019-02-06 07:56:42 +00:00
mrg a6590737cd - add justquit() that always exits. use it to avoid unreachable code. 2019-02-04 04:09:13 +00:00
mrg fbffadb9f8 - add or adjust /* FALLTHROUGH */ where appropriate
- add __unreachable() after functions that can return but won't in
  this case, and thus can't be marked __dead easily
2019-02-03 03:19:25 +00:00
christos 44671790a5 PR/53916: Rob Gill: remove redundant assignment to matchlen. 2019-01-28 12:04:16 +00:00
dholland 7f4ac6d6b0 Don't use the local username as the default anonftp password.
once upon a time doing this was part of the social glue that held the
community together, but that was a long time ago, and now it's just an
information leak.

proposed on tech-userlevel in 2008, then apparently forgotten :-|
2018-03-04 19:57:41 +00:00
christos a58fb25d66 more volatile to appease gcc. 2018-02-11 02:51:58 +00:00
christos 59b2928637 explicitly include <string.h> since OpenSSL-1.1 does not do it for us. 2018-02-06 19:26:02 +00:00
christos a8dccd7b32 Make outfile always allocated, free it to set it to NULL, and don't move it
around.
2017-11-25 15:39:17 +00:00
kre 23014bc41f Issue PWD commands to the server only when we actually
need the results, not speculatively, just in case we might.

Allows operation with some broken servers that get confused
by PWD commands in some situations, and saves server round
trips in the (modern) common case of
	ftp ftp://path/name
where we never need to know the results from PWD.
2017-11-20 21:11:36 +00:00
wiz 01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
riastradh ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
nonaka 165ef89073 ftp(1): split the auth processing function. 2017-02-15 11:52:11 +00:00
christos 10c59ee542 Use the first name we requested the http/https URL for, not any name we ended
up with after random redirects.
2017-01-31 21:05:35 +00:00