Start the optstring with ":" (which implicitly disables opterr),
and handle '?' with optopt=='?' separately to ':'.
Fixes -? display of full usage on other platforms.
Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.
(Looks like copypasta from the initial addition of the code in rev 1.48.)
Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).
Previously a hostile server could cause ftp to open a data connection elsewhere.
Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)
Thanks to Simon Josefsson notifying me about
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
Adapt the SMALLPROG / -UWITH_SSL build to also use the fetch_*()
methods from ssl.c, instead of using stdio, as stdio isn't robust
when using interruptable signals.
Disable ssl-specific support in the fetch_*() methods if WITH_SSL
isn't defined, so SMALLPROG still doesn't have ssl support (as expected).
The resulting SMALLPROG binary is slightly larger than before
(e.g., 157KiB vs 153KiB on amd64).
Set version to 20210603 for this fix and the SO_KEEPALIVE fix for PR 56129.
PR install/56219
Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.
Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).
PR bin/56129
Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.
http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.
PR/55857
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
Add -? to display usage synopsis and help to stdout.
This allows for "ftp -? | less", which is more user friendly.
Errors still show usage to stderr.
Consistency improvements in some usage text.
Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().
Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().
Bug class reported by Joyu Liao from Juniper Networks.
Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
Use SIG_ERR not NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
Fix restoration of SIGQUIT; use the old handler not SIGPIPE's.
lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.
Reported in private mail by Qi Hou.
May also resolve a crash reported by Thomas Klausner.
have one backing implementation that returns different values and
types than the other. Handle error setting properly; i.e. bail
out if the internal read returned an error. Now we get a proper
error message when the the server resets our connection instead of
a warning that the right failed with an invalid argument.
The server used for testing was:
http://capeweather.dyndns.org:8080/graphs/3474.png
Which seems to be unreliable :-)
once upon a time doing this was part of the social glue that held the
community together, but that was a long time ago, and now it's just an
information leak.
proposed on tech-userlevel in 2008, then apparently forgotten :-|
need the results, not speculatively, just in case we might.
Allows operation with some broken servers that get confused
by PWD commands in some situations, and saves server round
trips in the (modern) common case of
ftp ftp://path/name
where we never need to know the results from PWD.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.