Red Hat Bugzilla – Bug 54405
all port numbers above 32768 erroneously report
Last modified: 2008-05-01 11:38:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; DigExt)
Description of problem:
Works fine in 6.1, but now in 7.1
ftp -i 18.104.22.168 50000
gives that error message.
I think someone must have messed with the code, and accidentally change
the data type to "signed int" - beats me *why* anyone would be messing
with this, and make such a silly mistake, and it would get past the
quality control test suite... there *is* a quality-control test suite,
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. ftp -i 22.214.171.124 50000
Actual Results: 126.96.36.199.: bad port number-- 50000
Expected Results: connected to my ftp server which runs on port 50000
works fine in RedHat 6.1.
Possible security implications:
1. Why did it get changed such that it got broken? perhaps a diff of the
6.1 and 7.1 source should be examined for other messups?
2. Since this paramater is obviously not being checked proplery, is there
something here, or new, that could lead to a buffer problem?
I can't reproduce this on a 7.2 system
[bero@spock bero]$ ftp localhost 50000
Connected to localhost (127.0.0.1).
220 spock.home.bero.org FTP server (Version wu-2.6.1-18) ready.
(and yes, there is a QA test suite. But it didn't check for this. It just does
a couple of standard ftp transfers, port 21)