Bug 251570

Summary: on FTP uploads, curl still tries to send PASS even if server returned code 230
Product: [Fedora] Fedora Reporter: David Cantrell <dcantrell>
Component: curlAssignee: Jindrich Novy <jnovy>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: pknirsch
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-10 11:42:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Cantrell 2007-08-09 19:54:24 UTC 
I use curl to release new versions of software to ftp.gnu.org.  I use curl in
this manner:

curl -# -T [filename] ftp://ftp-upload.gnu.org/incoming/ftp/

It's an anonymous login to upload, but files without known GPG signatures are
thrown out.  Verified files are moved to ftp.gnu.org.

I found that the most recent version of curl failed to login to the server.  I
looked at it more closely and found that curl was sending 'USER anonymous' then
'PASS ftp' even after it received code 230 after the USER command. 
230 means you are now logged in.

I dug through the code and found the problem.  Here's the fix:

diff -up curl-7.16.4/lib/ftp.c.230 curl-7.16.4/lib/ftp.c
--- curl-7.16.4/lib/ftp.c.230   2007-07-01 18:01:19.000000000 -0400
+++ curl-7.16.4/lib/ftp.c       2007-08-09 15:41:10.000000000 -0400
@@ -2372,7 +2372,7 @@ static CURLcode ftp_state_user_resp(stru
   (void)instate; /* no use for this yet */
 
   /* some need password anyway, and others just return 2xx ignored */
-  if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
+  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
     /* 331 Password required for ...
        (the server requires to send the user's password too) */
     NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");

Pretty simple to fix.
Comment 1 Jindrich Novy 2007-08-10 10:10:04 UTC 
Thanks for the patch, did you send it to upstream as well?
Comment 2 Jindrich Novy 2007-08-10 11:43:06 UTC 
Applied.
Comment 3 Daniel Stenberg 2007-08-18 20:41:26 UTC 
FYI: this was already fixed upstream, and we've added a test case to hopefully
avoid this regression in the future.