From owner-freebsd-audit Thu Oct 17 11:12:43 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 154ED37B404 for ; Thu, 17 Oct 2002 11:12:42 -0700 (PDT) Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by mx1.FreeBSD.org (Postfix) with SMTP id B526F43E88 for ; Thu, 17 Oct 2002 11:12:40 -0700 (PDT) (envelope-from roam@straylight.ringlet.net) Received: (qmail 58182 invoked by uid 85); 17 Oct 2002 18:21:38 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by south.nanolink.com with SMTP; 17 Oct 2002 18:21:37 -0000 Received: (qmail 16791 invoked by uid 1000); 17 Oct 2002 18:12:25 -0000 Date: Thu, 17 Oct 2002 21:12:25 +0300 From: Peter Pentchev To: audit@FreeBSD.org Subject: [CFR] 4.x-STABLE ftp client signedness patch Message-ID: <20021017181225.GH369@straylight.oblivion.bg> Mail-Followup-To: audit@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3ecMC0kzqsE2ddMN" Content-Disposition: inline User-Agent: Mutt/1.5.1i X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d ) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --3ecMC0kzqsE2ddMN Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, The "old" FTP client in -STABLE has a little problem when retrieving files via HTTP: a variable that holds the read() return value is unsigned, which leads to misinterpreted failures when the connection is closed by the remote side and read() returns -1. Yes, I know it has never really been ftp(1)'s job to fetch via HTTP; still, this is what a friend of mine has been using until today, when he reported the failure and I tracked down the bug. I taught him about fetch(1), but there is no reason for the bug to stay unfixed :) The trivial patch is attached; it only applies to -STABLE, because -CURRENT uses lukemftp now. I took a look through the lukemftp source with a quick grep for 'size_t' and 'unsigned', and there do not seem to be any similar problems there. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence contains exactly threee erors. Index: src/usr.bin/ftp/fetch.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/usr.bin/ftp/Attic/fetch.c,v retrieving revision 1.12.2.5 diff -u -r1.12.2.5 fetch.c --- src/usr.bin/ftp/fetch.c 25 Jul 2002 15:29:18 -0000 1.12.2.5 +++ src/usr.bin/ftp/fetch.c 17 Oct 2002 07:31:36 -0000 @@ -98,7 +98,7 @@ int i, out, isftpurl; char *port; volatile int s; - size_t len; + ssize_t len; char c, *cp, *ep, *http_buffer, *portnum, *path, buf[4096]; const char *savefile; char *line, *proxy, *host; --3ecMC0kzqsE2ddMN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE9rv2J7Ri2jRYZRVMRAk1oAKDGtcCXFBEl2drpB3mHzTIfsTC0IQCfeuua yVg3J229Ha009rqc6027aZ8= =yirz -----END PGP SIGNATURE----- --3ecMC0kzqsE2ddMN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message