Bug 251570

Summary: on FTP uploads, curl still tries to send PASS even if server returned code 230
Product: [Fedora] Fedora Reporter: David Cantrell <dcantrell>
Component: curlAssignee: Jindrich Novy <jnovy>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: pknirsch
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-10 11:42:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description David Cantrell 2007-08-09 19:54:24 UTC 
I use curl to release new versions of software to ftp.gnu.org.  I use curl in
this manner:

curl -# -T [filename] ftp://ftp-upload.gnu.org/incoming/ftp/

It's an anonymous login to upload, but files without known GPG signatures are
thrown out.  Verified files are moved to ftp.gnu.org.

I found that the most recent version of curl failed to login to the server.  I
looked at it more closely and found that curl was sending 'USER anonymous' then
'PASS ftp@example.com' even after it received code 230 after the USER command. 
230 means you are now logged in.

I dug through the code and found the problem.  Here's the fix:

diff -up curl-7.16.4/lib/ftp.c.230 curl-7.16.4/lib/ftp.c
--- curl-7.16.4/lib/ftp.c.230   2007-07-01 18:01:19.000000000 -0400
+++ curl-7.16.4/lib/ftp.c       2007-08-09 15:41:10.000000000 -0400
@@ -2372,7 +2372,7 @@ static CURLcode ftp_state_user_resp(stru
   (void)instate; /* no use for this yet */
 
   /* some need password anyway, and others just return 2xx ignored */
-  if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
+  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
     /* 331 Password required for ...
        (the server requires to send the user's password too) */
     NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");

Pretty simple to fix.
Comment 1 Jindrich Novy 2007-08-10 10:10:04 UTC 
Thanks for the patch, did you send it to upstream as well?
Comment 2 Jindrich Novy 2007-08-10 11:43:06 UTC 
Applied.
Comment 3 Daniel Stenberg 2007-08-18 20:41:26 UTC 
FYI: this was already fixed upstream, and we've added a test case to hopefully
avoid this regression in the future.