rm dead code and simplify ftpd_popen. this code has only called

its statically linked ls_main for some time now.
from Jan Klemkow
ok deraadt

5 files changed, 42 insertions, 75 deletions

diff --git a/libexec/ftpd/extern.h b/libexec/ftpd/extern.h
index 60333ddcf30..a2e95cdd34d 100644
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.19 2015/10/04 11:58:09 tedu Exp $	*/
+/*	$OpenBSD: extern.h,v 1.20 2019/05/08 23:56:48 tedu Exp $	*/
 /*	$NetBSD: extern.h,v 1.2 1995/04/11 02:44:49 cgd Exp $	*/
 
 /*
@@ -68,7 +68,7 @@ void	delete(char *);
 void	dologout(int);
 void	fatal(char *);
 int	ftpd_pclose(FILE *, pid_t);
-FILE   *ftpd_popen(char *, char *, pid_t *);
+FILE   *ftpd_ls(char *, char *, pid_t *);
 int     get_line(char *, int, FILE *);
 void	ftpdlogwtmp(char *, char *, char *);
 void	lreply(int, const char *, ...);
@@ -89,7 +89,8 @@ void	renamecmd(char *, char *);
 char   *renamefrom(char *);
 void	reply(int, const char *, ...);
 void	reply_r(int, const char *, ...);
-void	retrieve(char *, char *);
+enum ret_cmd { RET_FILE, RET_LIST };
+void	retrieve(enum ret_cmd, char *);
 void	send_file_list(char *);
 void	setproctitle(const char *, ...);
 void	statcmd(void);
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 5a394538e4f..c81a3b7c30f 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ftpcmd.y,v 1.66 2017/04/27 13:30:54 mikeb Exp $	*/
+/*	$OpenBSD: ftpcmd.y,v 1.67 2019/05/08 23:56:48 tedu Exp $	*/
 /*	$NetBSD: ftpcmd.y,v 1.7 1996/04/08 19:03:11 jtc Exp $	*/
 
 /*
@@ -342,7 +342,7 @@ cmd
 	| RETR check_login SP pathname CRLF
 		{
 			if ($2 && $4 != NULL)
-				retrieve(NULL, $4);
+				retrieve(RET_FILE, $4);
 			if ($4 != NULL)
 				free($4);
 		}
@@ -374,12 +374,12 @@ cmd
 	| LIST check_login CRLF
 		{
 			if ($2)
-				retrieve("/bin/ls -lgA", "");
+				retrieve(RET_LIST, NULL);
 		}
 	| LIST check_login SP pathname CRLF
 		{
 			if ($2 && $4 != NULL)
-				retrieve("/bin/ls -lgA %s", $4);
+				retrieve(RET_LIST, $4);
 			if ($4 != NULL)
 				free($4);
 		}
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index 53780b63aeb..5e699e37280 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ftpd.8,v 1.75 2015/10/25 23:10:53 millert Exp $
+.\"	$OpenBSD: ftpd.8,v 1.76 2019/05/08 23:56:48 tedu Exp $
 .\"	$NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $
 .\"
 .\" Copyright (c) 1985, 1988, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
 .\"
-.Dd $Mdocdate: October 25 2015 $
+.Dd $Mdocdate: May 8 2019 $
 .Dt FTPD 8
 .Os
 .Sh NAME
@@ -385,15 +385,6 @@ subtree be constructed with care, following these rules:
 Make the home directory owned by
 .Dq root
 and unwritable by anyone (mode 555).
-.It Pa ~ftp/bin
-Make this directory owned by
-.Dq root
-and unwritable by anyone (mode 511).
-This directory is optional unless you have commands you wish
-the anonymous FTP user to be able to run (the
-.Xr ls 1
-command exists as a built-in).
-Any programs in this directory should be mode 111 (executable only).
 .It Pa ~ftp/etc
 Make this directory owned by
 .Dq root
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index ae18a11d6be..d20c3a4bf8d 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ftpd.c,v 1.225 2018/12/11 18:19:55 bluhm Exp $	*/
+/*	$OpenBSD: ftpd.c,v 1.226 2019/05/08 23:56:48 tedu Exp $	*/
 /*	$NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $	*/
 
 /*
@@ -1113,36 +1113,32 @@ bad:
 }
 
 void
-retrieve(char *cmd, char *name)
+retrieve(enum ret_cmd cmd, char *name)
 {
 	FILE *fin, *dout;
 	struct stat st;
 	pid_t pid;
 	time_t start;
 
-	if (cmd == NULL) {
+	if (cmd == RET_FILE) {
 		fin = fopen(name, "r");
 		st.st_size = 0;
 	} else {
-		char line[BUFSIZ];
-
-		(void) snprintf(line, sizeof(line), cmd, name);
-		name = line;
-		fin = ftpd_popen(line, "r", &pid);
+		fin = ftpd_ls("-lgA", name, &pid);
 		st.st_size = -1;
 		st.st_blksize = BUFSIZ;
 	}
 	if (fin == NULL) {
 		if (errno != 0) {
 			perror_reply(550, name);
-			if (cmd == NULL) {
+			if (cmd == RET_FILE) {
 				LOGCMD("get", name);
 			}
 		}
 		return;
 	}
 	byte_count = -1;
-	if (cmd == NULL &&
+	if (cmd == RET_FILE &&
 	    (fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode))) {
 		reply(550, "%s: not a plain file.", name);
 		goto done;
@@ -1175,8 +1171,8 @@ retrieve(char *cmd, char *name)
 		goto done;
 	time(&start);
 	send_data(fin, dout, st.st_blksize, st.st_size,
-	    (restart_point == 0 && cmd == NULL && S_ISREG(st.st_mode)));
-	if ((cmd == NULL) && stats)
+	    (restart_point == 0 && cmd == RET_FILE && S_ISREG(st.st_mode)));
+	if ((cmd == RET_FILE) && stats)
 		logxfer(name, byte_count, start);
 	(void) fclose(dout);
 	data = -1;
@@ -1184,7 +1180,7 @@ done:
 	if (pdata >= 0)
 		(void) close(pdata);
 	pdata = -1;
-	if (cmd == NULL) {
+	if (cmd == RET_FILE) {
 		LOGBYTES("get", name, byte_count);
 		fclose(fin);
 	} else {
@@ -1734,10 +1730,7 @@ statfilecmd(char *filename)
 	int c;
 	int atstart;
 	pid_t pid;
-	char line[LINE_MAX];
-
-	(void)snprintf(line, sizeof(line), "/bin/ls -lgA %s", filename);
-	fin = ftpd_popen(line, "r", &pid);
+	fin = ftpd_ls("-lgA", filename, &pid);
 	if (fin == NULL) {
 		reply(451, "Local resource failure");
 		return;
@@ -2633,7 +2626,7 @@ send_file_list(char *whichf)
 			 */
 			if (dirname[0] == '-' && *dirlist == NULL &&
 			    transflag == 0) {
-				retrieve("/bin/ls %s", dirname);
+				retrieve(RET_FILE, dirname);
 				goto out;
 			}
 			perror_reply(550, whichf);
diff --git a/libexec/ftpd/popen.c b/libexec/ftpd/popen.c
index 4490cded046..d1776eb95a9 100644
--- a/libexec/ftpd/popen.c
+++ b/libexec/ftpd/popen.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: popen.c,v 1.26 2016/02/29 17:50:34 jca Exp $	*/
+/*	$OpenBSD: popen.c,v 1.27 2019/05/08 23:56:48 tedu Exp $	*/
 /*	$NetBSD: popen.c,v 1.5 1995/04/11 02:45:00 cgd Exp $	*/
 
 /*
@@ -52,7 +52,7 @@
 #include "extern.h"
 
 /*
- * Special version of popen which avoids call to shell.  This ensures noone
+ * Special version of popen which avoids call to shell.  This ensures no one
  * may create a pipe to a hidden program as a side effect of a list or dir
  * command.
  */
@@ -60,24 +60,24 @@
 #define MAX_GARGV	1000
 
 FILE *
-ftpd_popen(char *program, char *type, pid_t *pidptr)
+ftpd_ls(char *arg, char *path, pid_t *pidptr)
 {
 	char *cp;
 	FILE *iop;
-	int argc, gargc, pdes[2];
+	int argc = 0, gargc, pdes[2];
 	pid_t pid;
 	char **pop, *argv[MAX_ARGV], *gargv[MAX_GARGV];
 
-	if ((*type != 'r' && *type != 'w') || type[1])
-		return (NULL);
-
 	if (pipe(pdes) < 0)
 		return (NULL);
 
 	/* break up string into pieces */
-	for (argc = 0, cp = program;argc < MAX_ARGV-1; cp = NULL)
-		if (!(argv[argc++] = strtok(cp, " \t\n")))
-			break;
+	argv[argc++] = "/bin/ls";
+	if (arg != NULL)
+		argv[argc++] = arg;
+	if (path != NULL)
+		argv[argc++] = path;
+	argv[argc] = NULL;
 	argv[MAX_ARGV-1] = NULL;
 
 	/* glob each piece */
@@ -115,42 +115,24 @@ ftpd_popen(char *program, char *type, pid_t *pidptr)
 		goto pfree;
 		/* NOTREACHED */
 	case 0:				/* child */
-		if (*type == 'r') {
-			if (pdes[1] != STDOUT_FILENO) {
-				dup2(pdes[1], STDOUT_FILENO);
-				(void)close(pdes[1]);
-			}
-			dup2(STDOUT_FILENO, STDERR_FILENO); /* stderr too! */
-			(void)close(pdes[0]);
-		} else {
-			if (pdes[0] != STDIN_FILENO) {
-				dup2(pdes[0], STDIN_FILENO);
-				(void)close(pdes[0]);
-			}
+		if (pdes[1] != STDOUT_FILENO) {
+			dup2(pdes[1], STDOUT_FILENO);
 			(void)close(pdes[1]);
 		}
+		dup2(STDOUT_FILENO, STDERR_FILENO); /* stderr too! */
+		(void)close(pdes[0]);
 		closelog();
 
-		if (strcmp(gargv[0], "/bin/ls") == 0) {
-			extern int optreset;
-			extern int ls_main(int, char **);
+		extern int optreset;
+		extern int ls_main(int, char **);
 
-			/* reset getopt for ls_main */
-			optreset = optind = 1;
-			exit(ls_main(gargc, gargv));
-		}
-
-		execv(gargv[0], gargv);
-		_exit(1);
+		/* reset getopt for ls_main */
+		optreset = optind = 1;
+		exit(ls_main(gargc, gargv));
 	}
 	/* parent; assume fdopen can't fail...  */
-	if (*type == 'r') {
-		iop = fdopen(pdes[0], type);
-		(void)close(pdes[1]);
-	} else {
-		iop = fdopen(pdes[1], type);
-		(void)close(pdes[0]);
-	}
+	iop = fdopen(pdes[0], "r");
+	(void)close(pdes[1]);
 	*pidptr = pid;
 
 pfree:	for (argc = 1; gargv[argc] != NULL; argc++)