Bug 251570 - on FTP uploads, curl still tries to send PASS even if server returned code 230
Summary: on FTP uploads, curl still tries to send PASS even if server returned code 230
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: curl
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-08-09 19:54 UTC by David Cantrell
Modified: 2013-07-02 23:22 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-08-10 11:42:47 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description David Cantrell 2007-08-09 19:54:24 UTC
I use curl to release new versions of software to ftp.gnu.org.  I use curl in
this manner:

curl -# -T [filename] ftp://ftp-upload.gnu.org/incoming/ftp/

It's an anonymous login to upload, but files without known GPG signatures are
thrown out.  Verified files are moved to ftp.gnu.org.

I found that the most recent version of curl failed to login to the server.  I
looked at it more closely and found that curl was sending 'USER anonymous' then
'PASS ftp' even after it received code 230 after the USER command. 
230 means you are now logged in.

I dug through the code and found the problem.  Here's the fix:

diff -up curl-7.16.4/lib/ftp.c.230 curl-7.16.4/lib/ftp.c
--- curl-7.16.4/lib/ftp.c.230   2007-07-01 18:01:19.000000000 -0400
+++ curl-7.16.4/lib/ftp.c       2007-08-09 15:41:10.000000000 -0400
@@ -2372,7 +2372,7 @@ static CURLcode ftp_state_user_resp(stru
   (void)instate; /* no use for this yet */
 
   /* some need password anyway, and others just return 2xx ignored */
-  if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
+  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
     /* 331 Password required for ...
        (the server requires to send the user's password too) */
     NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");

Pretty simple to fix.

Comment 1 Jindrich Novy 2007-08-10 10:10:04 UTC
Thanks for the patch, did you send it to upstream as well?

Comment 2 Jindrich Novy 2007-08-10 11:43:06 UTC
Applied.

Comment 3 Daniel Stenberg 2007-08-18 20:41:26 UTC
FYI: this was already fixed upstream, and we've added a test case to hopefully
avoid this regression in the future.


Note You need to log in before you can comment on or make changes to this bug.