Date:      Thu, 17 Oct 2002 21:12:25 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        audit@FreeBSD.org
Subject:   [CFR] 4.x-STABLE ftp client signedness patch
Message-ID:  <20021017181225.GH369@straylight.oblivion.bg>


Hi,

The "old" FTP client in -STABLE has a little problem when retrieving
files via HTTP: a variable that holds the read() return value is
unsigned, which leads to misinterpreted failures when the connection is
closed by the remote side and read() returns -1.

Yes, I know it has never really been ftp(1)'s job to fetch via HTTP;
still, this is what a friend of mine has been using until today, when he
reported the failure and I tracked down the bug.  I taught him about
fetch(1), but there is no reason for the bug to stay unfixed :)

The trivial patch is attached; it only applies to -STABLE, because
-CURRENT uses lukemftp now.  I took a look through the lukemftp source
with a quick grep for 'size_t' and 'unsigned', and there do not seem to
be any similar problems there.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contains exactly threee erors.

Index: src/usr.bin/ftp/fetch.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/ftp/Attic/fetch.c,v
retrieving revision 1.12.2.5
diff -u -r1.12.2.5 fetch.c
--- src/usr.bin/ftp/fetch.c	25 Jul 2002 15:29:18 -0000	1.12.2.5
+++ src/usr.bin/ftp/fetch.c	17 Oct 2002 07:31:36 -0000
@@ -98,7 +98,7 @@
 	int i, out, isftpurl;
 	char *port;
 	volatile int s;
-	size_t len;
+	ssize_t len;
 	char c, *cp, *ep, *http_buffer, *portnum, *path, buf[4096];
 	const char *savefile;
 	char *line, *proxy, *host;
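
Review bot: with len now declared as ssize_t (the changed line in the declaration block), every other use of len in this function needs checking, because the hunk shows only the declaration: anything that stores a size_t result in len, or compares len against an unsigned value such as sizeof(buf), will now mix signed and unsigned operands. If len also serves as a general length elsewhere in the function, consider leaving "size_t len;" alone and adding a separate ssize_t variable just for the read() return value, so that the error check is the only code whose type changes.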

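The signedness problem described in the message, as an added example that is not part of the original e-mail or of the FreeBSD source. The names read_once_unsigned, read_once_signed and failing_fd are hypothetical, and the failing read() is constructed from the write-only end of a pipe (EBADF) as a stand-in for a connection closed by the remote side.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum outcome { GOT_EOF, GOT_DATA, GOT_ERROR };

/* Constructed pre-patch pattern: read()'s result lands in a size_t,
 * so a return of -1 turns into SIZE_MAX and looks like a huge read. */
static enum outcome read_once_unsigned(int fd, size_t *claimed)
{
	char buf[4096];
	size_t len = read(fd, buf, sizeof(buf));

	*claimed = len;
	if (len == 0)
		return GOT_EOF;
	return GOT_DATA;	/* the error case ends up here too */
}

/* Patched pattern: ssize_t keeps the sign, so the error is seen before use. */
static enum outcome read_once_signed(int fd, size_t *claimed)
{
	char buf[4096];
	ssize_t len = read(fd, buf, sizeof(buf));

	*claimed = 0;
	if (len < 0)
		return GOT_ERROR;
	if (len == 0)
		return GOT_EOF;
	*claimed = (size_t)len;
	return GOT_DATA;
}

/* Constructed failure: read() on a pipe's write-only end returns -1. */
static int failing_fd(void)
{
	int p[2];

	if (pipe(p) != 0) return -1;	/* read(-1, ...) fails as well */
	close(p[0]);
	return p[1];
}

int main(void)
{
	size_t a, b;
	int fd = failing_fd();
	enum outcome u = read_once_unsigned(fd, &a), s = read_once_signed(fd, &b);
	printf("size_t: outcome=%d claimed=%zu\n", (int)u, a);
	printf("ssize_t: outcome=%d claimed=%zu\n", (int)s, b);
	return 0;
}
```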
