src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo de Raadt <deraadt@cvs.openbsd.org>	1999-12-10 10:41:45 +0000
committer	Theo de Raadt <deraadt@cvs.openbsd.org>	1999-12-10 10:41:45 +0000
commit	b1de991716d039ca048634ed98acfa77c8f67340 (patch)
tree	55a40252dfb5160c620c169aa9d9bf94e42ad6cb
parent	ec25abc9e1a456db391eb113d9fddcb1d1454419 (diff)

using u_char * is a lot more convenient than doing & 0xff 80+ times

Diffstat

-rw-r--r--

libexec/ftpd/ftpd.c

146

1 files changed, 79 insertions, 67 deletions

diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 97f614bfc83..d1726603516 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ftpd.c,v 1.64 1999/12/09 09:03:08 itojun Exp $ */

+/* $OpenBSD: ftpd.c,v 1.65 1999/12/10 10:41:44 deraadt Exp $ */

/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */

@@ -420,7 +420,7 @@ main(argc, argv, envp)

}

if (setsockopt(ctl_sock, SOL_SOCKET, SO_REUSEADDR,

(char *)&on, sizeof(on)) < 0)

- syslog(LOG_ERR, "control setsockopt: %m");;

+ syslog(LOG_ERR, "control setsockopt: %m");

memset(&server_addr, 0, sizeof(server_addr));

server_addr.su_sin.sin_family = family;

switch (family) {

@@ -514,8 +514,8 @@ main(argc, argv, envp)

his_addr.su_sin.sin_family = AF_INET;

his_addr.su_sin.sin_len = sizeof(his_addr.su_sin);

memcpy(&his_addr.su_sin.sin_addr,

- &tmp_addr.su_sin6.sin6_addr.s6_addr[off],

- sizeof(his_addr.su_sin.sin_addr));

+ &tmp_addr.su_sin6.sin6_addr.s6_addr[off],

+ sizeof(his_addr.su_sin.sin_addr));

his_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port;

tmp_addr = ctrl_addr;

@@ -523,8 +523,8 @@ main(argc, argv, envp)

ctrl_addr.su_sin.sin_family = AF_INET;

ctrl_addr.su_sin.sin_len = sizeof(ctrl_addr.su_sin);

memcpy(&ctrl_addr.su_sin.sin_addr,

- &tmp_addr.su_sin6.sin6_addr.s6_addr[off],

- sizeof(ctrl_addr.su_sin.sin_addr));

+ &tmp_addr.su_sin6.sin6_addr.s6_addr[off],

+ sizeof(ctrl_addr.su_sin.sin_addr));

ctrl_addr.su_sin.sin_port = tmp_addr.su_sin6.sin6_port;

#else

while (fgets(line, sizeof(line), fd) != NULL) {

@@ -543,7 +543,7 @@ main(argc, argv, envp)

if (his_addr.su_family == AF_INET) {

tos = IPTOS_LOWDELAY;

if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos,

- sizeof(int)) < 0)

+ sizeof(int)) < 0)

syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");

}

#endif

@@ -601,11 +601,11 @@ main(argc, argv, envp)

if (multihome) {

getnameinfo((struct sockaddr *)&ctrl_addr, ctrl_addr.su_len,

- dhostname, sizeof(dhostname), NULL, 0, 0);

+ dhostname, sizeof(dhostname), NULL, 0, 0);

}

reply(220, "%s FTP server (%s) ready.",

- (multihome ? dhostname : hostname), version);

+ (multihome ? dhostname : hostname), version);

(void) setjmp(errcatch);

for (;;)

(void) yyparse();

@@ -1223,7 +1223,7 @@ getdatasock(mode)

if (ctrl_addr.su_family == AF_INET) {

on = IPTOS_THROUGHPUT;

if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on,

- sizeof(int)) < 0)

+ sizeof(int)) < 0)

syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");

}

#endif

@@ -1295,13 +1295,13 @@ dataconn(name, size, mode)

p = (in_port_t *)&from.su_sin.sin_port;

fa = (u_char *)&from.su_sin.sin_addr;

ha = (u_char *)&his_addr.su_sin.sin_addr;

- alen = sizeof(struct in_addr);;

+ alen = sizeof(struct in_addr);

break;

case AF_INET6:

p = (in_port_t *)&from.su_sin6.sin6_port;

fa = (u_char *)&from.su_sin6.sin6_addr;

ha = (u_char *)&his_addr.su_sin6.sin6_addr;

- alen = sizeof(struct in6_addr);;

+ alen = sizeof(struct in6_addr);

break;

default:

perror_reply(425, "Can't build data connection");

@@ -1310,8 +1310,8 @@ dataconn(name, size, mode)

pdata = -1;

return (NULL);

}

- if (from.su_family != his_addr.su_family

- || ntohs(*p) < IPPORT_RESERVED) {

+ if (from.su_family != his_addr.su_family ||

+ ntohs(*p) < IPPORT_RESERVED) {

perror_reply(425, "Can't build data connection");

(void) close(pdata);

(void) close(s);

@@ -1328,7 +1328,7 @@ dataconn(name, size, mode)

(void) close(pdata);

pdata = s;

reply(150, "Opening %s mode data connection for '%s'%s.",

- type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);

+ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);

return (fdopen(pdata, mode));

}

if (data >= 0) {

@@ -1343,9 +1343,10 @@ dataconn(name, size, mode)

file = getdatasock(mode);

if (file == NULL) {

char hbuf[MAXHOSTNAMELEN], pbuf[10];

getnameinfo((struct sockaddr *)&data_source, data_source.su_len,

- hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),

- NI_NUMERICHOST | NI_NUMERICSERV);

+ hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),

+ NI_NUMERICHOST | NI_NUMERICSERV);

reply(425, "Can't create data socket (%s,%s): %s.",

hbuf, pbuf, strerror(errno));

return (NULL);

@@ -1361,13 +1362,13 @@ dataconn(name, size, mode)

p = (in_port_t *)&data_dest.su_sin.sin_port;

fa = (u_char *)&data_dest.su_sin.sin_addr;

ha = (u_char *)&his_addr.su_sin.sin_addr;

- alen = sizeof(struct in_addr);;

+ alen = sizeof(struct in_addr);

break;

case AF_INET6:

p = (in_port_t *)&data_dest.su_sin6.sin6_port;

fa = (u_char *)&data_dest.su_sin6.sin6_addr;

ha = (u_char *)&his_addr.su_sin6.sin6_addr;

- alen = sizeof(struct in6_addr);;

+ alen = sizeof(struct in6_addr);

break;

default:

perror_reply(425, "Can't build data connection");

@@ -1375,8 +1376,8 @@ dataconn(name, size, mode)

pdata = -1;

return (NULL);

}

- if (data_dest.su_family != his_addr.su_family

- || ntohs(*p) < IPPORT_RESERVED || ntohs(*p) == 2049) { /* XXX */

+ if (data_dest.su_family != his_addr.su_family ||

+ ntohs(*p) < IPPORT_RESERVED || ntohs(*p) == 2049) { /* XXX */

perror_reply(425, "Can't build data connection");

(void) fclose(file);

data = -1;

@@ -1401,7 +1402,7 @@ dataconn(name, size, mode)

return (NULL);

}

reply(150, "Opening %s mode data connection for '%s'%s.",

- type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);

+ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);

return (file);

}

@@ -1462,7 +1463,7 @@ send_data(instr, outstr, blksize, filesize, isreg)

(off_t)0);

if (!buf) {

syslog(LOG_WARNING, "mmap(%lu): %m",

- (unsigned long)filesize);

+ (unsigned long)filesize);

goto oldway;

}

bp = buf;

@@ -1588,9 +1589,9 @@ receive_data(instr, outstr)

transflag = 0;

if (bare_lfs) {

lreply(226,

- "WARNING! %d bare linefeeds received in ASCII mode",

+ "WARNING! %d bare linefeeds received in ASCII mode",

bare_lfs);

- (void)printf(" File may not have transferred correctly.\r\n");

+ printf(" File may not have transferred correctly.\r\n");

}

return (0);

default:

@@ -1653,7 +1654,7 @@ statcmd()

lreply(211, "%s FTP server status:", hostname, version);

printf(" %s\r\n", version);

getnameinfo((struct sockaddr *)&his_addr, his_addr.su_len,

- hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);

+ hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);

printf(" Connected to %s", remotehost);

if (strcmp(remotehost, hbuf) != 0)

printf(" (%s)", hbuf);

@@ -1697,10 +1698,9 @@ printaddr:

printf("211- PORT ");

a = (u_char *) &su->su_sin.sin_addr;

p = (u_char *) &su->su_sin.sin_port;

-#define UC(b) (((int) b) & 0xff)

- printf("(%d,%d,%d,%d,%d,%d)\r\n",

- UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),

- UC(p[0]), UC(p[1]));

+ printf("(%u,%u,%u,%u,%u,%u)\r\n",

+ a[0], a[1], a[2], a[3],

+ p[0], p[1]);

}

/* LPSV/LPRT */

@@ -1730,18 +1730,17 @@ printaddr:

printf("211- LPSV ");

else

printf("211- LPRT ");

- printf("(%d,%d", af, alen);

+ printf("(%u,%u", af, alen);

for (i = 0; i < alen; i++)

- printf("%d,", UC(a[alen]));

- printf("%d,%d,%d)\r\n", 2, UC(p[0]), UC(p[1]));

-#undef UC

+ printf("%u,", a[alen]);

+ printf("%u,%u,%u)\r\n", 2, p[0], p[1]);

}

/* EPRT/EPSV */

-epsvonly:;

+epsvonly:

{

- int af;

+ u_char af;

switch (su->su_family) {

case AF_INET:

@@ -1757,13 +1756,13 @@ epsvonly:;

if (af) {

char hbuf[MAXHOSTNAMELEN], pbuf[10];

if (getnameinfo((struct sockaddr *)su, su->su_len,

- hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),

- NI_NUMERICHOST) == 0) {

+ hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),

+ NI_NUMERICHOST) == 0) {

if (ispassive)

printf("211 - EPSV ");

else

printf("211 - EPRT ");

- printf("(|%d|%s|%s|)\r\n",

+ printf("(|%u|%s|%s|)\r\n",

af, hbuf, pbuf);

}

@@ -2081,7 +2080,7 @@ void

passive()

{

int len, on;

- char *p, *a;

+ u_char *p, *a;

if (pw == NULL) {

reply(530, "Please login with USER and PASS");

@@ -2089,6 +2088,15 @@ passive()

}

if (pdata >= 0)

close(pdata);

+ /*

+ * XXX

+ * At this point, it would be nice to have an algorithm that

+ * inserted a growing delay in an attack scenario. Such a thing

+ * would look like continual passive sockets being opened, but

+ * nothing serious being done with them. They're not used to

+ * move data; the entire attempt is just to use tcp FIN_WAIT

+ * resources.

+ */

pdata = socket(AF_INET, SOCK_STREAM, 0);

if (pdata < 0) {

perror_reply(425, "Can't open passive connection");

@@ -2098,7 +2106,7 @@ passive()

#ifdef IP_PORTRANGE

on = high_data_ports ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;

if (setsockopt(pdata, IPPROTO_IP, IP_PORTRANGE,

- (char *)&on, sizeof(on)) < 0)

+ (char *)&on, sizeof(on)) < 0)

goto pasv_error;

#endif

@@ -2113,13 +2121,11 @@ passive()

goto pasv_error;

if (listen(pdata, 1) < 0)

goto pasv_error;

- a = (char *) &pasv_addr.su_sin.sin_addr;

- p = (char *) &pasv_addr.su_sin.sin_port;

-#define UC(b) (((int) b) & 0xff)

+ a = (u_char *) &pasv_addr.su_sin.sin_addr;

+ p = (u_char *) &pasv_addr.su_sin.sin_port;

- reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),

- UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));

+ reply(227, "Entering Passive Mode (%u,%u,%u,%u,%u,%u)", a[0],

+ a[1], a[2], a[3], p[0], p[1]);

return;

pasv_error:

@@ -2138,7 +2144,7 @@ void

long_passive(char *cmd, int pf)

{

int len;

- register char *p, *a;

+ register u_char *p, *a;

if (!logged_in) {

syslog(LOG_NOTICE, "long passive but not logged in");

@@ -2165,7 +2171,7 @@ long_passive(char *cmd, int pf)

if (strcmp(cmd, "EPSV") == 0 && pf) {

reply(522, "Network protocol mismatch, "

- "use (%d)", pf);

+ "use (%d)", pf);

} else

reply(501, "Network protocol mismatch"); /*XXX*/

@@ -2175,6 +2181,15 @@ long_passive(char *cmd, int pf)

if (pdata >= 0)

close(pdata);

+ /*

+ * XXX

+ * At this point, it would be nice to have an algorithm that

+ * inserted a growing delay in an attack scenario. Such a thing

+ * would look like continual passive sockets being opened, but

+ * nothing serious being done with them. They not used to move

+ * data; the entire attempt is just to use tcp FIN_WAIT

+ * resources.

+ */

pdata = socket(ctrl_addr.su_family, SOCK_STREAM, 0);

if (pdata < 0) {

perror_reply(425, "Can't open passive connection");

@@ -2193,36 +2208,33 @@ long_passive(char *cmd, int pf)

goto pasv_error;

if (listen(pdata, 1) < 0)

goto pasv_error;

- p = (char *) &pasv_addr.su_port;

-#define UC(b) (((int) b) & 0xff)

+ p = (u_char *) &pasv_addr.su_port;

if (strcmp(cmd, "LPSV") == 0) {

switch (pasv_addr.su_family) {

case AF_INET:

- a = (char *) &pasv_addr.su_sin.sin_addr;

- reply(228, "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d)",

- 4, 4, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),

- 2, UC(p[0]), UC(p[1]));

+ a = (u_char *) &pasv_addr.su_sin.sin_addr;

+ reply(228,

+ "Entering Long Passive Mode (%u,%u,%u,%u,%u,%u,%u,%u,%u)",

+ 4, 4, a[0], a[1], a[2], a[3], 2, p[0], p[1]);

return;

case AF_INET6:

a = (char *) &pasv_addr.su_sin6.sin6_addr;

- reply(228, "Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)",

- 6, 16,

- UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),

- UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]),

- UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]),

- UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]),

- 2, UC(p[0]), UC(p[1]));

+ reply(228,

+ "Entering Long Passive Mode (%u,%u,%u,%u,%u,%u,"

+ "%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u)",

+ 6, 16, a[0], a[1], a[2], a[3], a[4],

+ a[5], a[6], a[7], a[8], a[9], a[10],

+ a[11], a[12], a[13], a[14], a[15], 2,

+ 2, p[0], p[1]);

return;

}

-#undef UC

} else if (strcmp(cmd, "EPSV") == 0) {

switch (pasv_addr.su_family) {

case AF_INET:

case AF_INET6:

- reply(229, "Entering Extended Passive Mode (|||%d|)",

- ntohs(pasv_addr.su_port));

+ reply(229, "Entering Extended Passive Mode (|||%u|)",

+ ntohs(pasv_addr.su_port));

return;

}

} else {

@@ -2495,7 +2507,7 @@ check_host(sa)

sin = (struct sockaddr_in *)sa;

hp = gethostbyaddr((char *)&sin->sin_addr,

- sizeof(struct in_addr), AF_INET);

+ sizeof(struct in_addr), AF_INET);

addr = inet_ntoa(sin->sin_addr);

if (hp) {

if (!hosts_ctl("ftpd", hp->h_name, addr, STRING_UNKNOWN)) {