Implement a timeout for SSL connection setup, using -q QUITTIME,
defaulting to 60 seconds.
SSL_connect(3) (unlike connect(2)) doesn't timeout by default.
Adapt ssl error messages destination: if unexpected error
from local API, use warn()/warnx() to stderr;
if expected error from a network operation (e.g., timeouts),
use fprintf to ttyout (which might be stdout).
Consistently use ftp_poll() instead of select();
ssl.c (using select()) was added 7 years after the
previous uses of select() were converted to poll().
Check EAGAIN as well as existing EINTR error from ftp_poll(),
for portability.
Remove assignment to error in initconn(); it's not tested anywhere after the
initial use, so no need to set it before goto bad.
(Looks like copypasta from the initial addition of the code in rev 1.48.)
Fail if the server's response to PASV or LPSV contains an IP address
that doesn't match that of the control connection.
(EPSV already only uses the port portion of the server's response,
per RFC 2428).
Previously a hostile server could cause ftp to open a data connection elsewhere.
Many other ftp implementations have had a similar change for many years,
including those in popular browsers (before they deprecated FTP ...)
Thanks to Simon Josefsson notifying me about
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
Attempt to prevent timeouts of the control connection by setting SO_KEEPALIVE.
This matches the equivalent behaviour in ftpd.
Note: This is a much simpler change than adding a background polling event
to invoke "STAT" (or "NOOP") on the control connection during a transfer.
(It's unclear from RFC 959 whether "NOOP" is even permitted during a transfer).
PR bin/56129
Refactor to not rely upon restartable signals (SA_RESTART),
possibly fixing intermittent failures with -q QUITTIME.
ftp transfers: handle EINTR/EAGAIN in copy_bytes(),
instead of relying upon restartable signals.
http/https transfers: Explicitly print an error similar to
progressmeter() when timing-out for -Q QUITTIME in fetch_wait(),
and set errno to ETIMEDOUT so that the warn() in fetch_url()
prints a more accurate error message.
PR/55857
Only invoke the old signal handler if it's a real signal handler
and not SIG_IGN, SIG_DFL, SIG_HOLD, or SIG_ERR, using new static
function issighandler().
Avoids an intermittent race condition with a null pointer
dereference via (*SIG_DFL)().
Bug class reported by Joyu Liao from Juniper Networks.
Use SIG_ERR instead of NULL as the indicator that a signal handler
hasn't been changed, so that SIG_DFL (equivalent to NULL)
will be restored.
lostpeer() calls too many async-unsafe functions (both directly
and indirectly) to close and cleanup the remote connections,
so just exit after the cleanup if invoked by a signal.
Reported in private mail by Qi Hou.
May also resolve a crash reported by Thomas Klausner.
time a socket is used, as the previous logic assumed AF_INET sockets
were available (which they may not be in an IPv6-only system).
Per discussion with Maxim Konovalov and the FreeBSD problem 162661.
features such as DNS Service Discovery have a better chance of working.
Suggested by David Young <dyoung>.
Display the service name in various status & error messages.
Don't getservbyname() the :port component of a URL; RFC 3986 says it's
just an unsigned number, not a service name.
Fixes PR 17617.
* Use 'RFCnnnn' (with leading 0) instead of 'RFC nnnn', to be
consistent with the style in the RFC index.
* Refer to RFC3916 instead of 1738 or 2732.
* Expand the list of supported RFCs in ftp(1) to contain the document
name as well.
provided buffer, with optional rate-limiting and hash-mark printing,
using one loop and handle short writes.
Refactor sendrequest() and recvrequest() to use copy_data().
Addresses PR 15943.
connections.
Based on code in the version of ftp that FreeBSD had before they
replaced it with lukemftp.
* Move error message handling into ftp_connect() rather than in the
caller, so that more specific error reporting can occur.
* Improve consistency of various warning and error messages.
going to fall back to PASV / PORT (respectively) if the former fail,
and this avoids printing a failure reply followed by a success reply.
Should fix a problem with the emacs ftp wrapper.
int getline(FILE *stream, char *buf, size_t buflen, const char **errormsg)
Read a line from the FILE stream into buf/buflen using fgets(), so up
to buflen-1 chars will be read and the result will be NUL terminated.
If the line has a trailing newline it will be removed.
If the line is too long, excess characters will be read until
newline/EOF/error.
Various -ve return values indicate different errors, and errormsg
will be changed to an error description if it's not NULL.
Convert to use getline() instead of fgets() whenever reading user input
to ensure that an overly long input line doesn't leave excess characters
for the next input operation to accidentally use as input.
Zero out the password & account after we've finished with it.
Consistently use getpass(3) (i.e, character echo suppressed) when
reading the account data. For some reason, historically the "login"
code suppressed echo for Account: yet the "user" command did not!
Display the hostname in the "getaddrinfo failed" warning.
Appease some -Wcast-qual warnings. Fixing all of these requires
significant code refactoring. (mmm, legacy code).
connect(2) in xconnect() by temporarily setting O_NONBLOCK
on the socket and using xpoll() to wait for the operation
to succeed.
The timeout used is the '-q quittime' argument (defaults to
60s for accept(2), and the system default for connect(2)).
Idea inspired by discussion with Chuck Cranor.
This may (indirectly) fix various problems with timeouts
in active mode through broken firewalls.
Implement xpoll() as a wrapper around poll(2), to make it
easier to replace on systems without a functional poll(2).
Unconditionally use xpoll() instead of conditionally using
select(2) or poll(2).
christos