-rw-r--r--libexec/ftpd/ftpcmd.y21
-rw-r--r--libexec/ftpd/ftpd.812
-rw-r--r--libexec/ftpd/ftpd.c9
3 files changed, 33 insertions, 9 deletions
diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index d28d5879e46..87e286645f0 100644
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -88,6 +88,8 @@ extern char proctitle[];
extern int usedefault;
extern int transflag;
extern char tmpline[];
+extern int portcheck;
+extern struct sockaddr_in his_addr;
off_t restart_point;
@@ -158,12 +160,21 @@ cmd
| PORT check_login SP host_port CRLF
{
if ($2) {
- usedefault = 0;
- if (pdata >= 0) {
- (void) close(pdata);
- pdata = -1;
+ if (portcheck && (ntohs(data_dest.sin_port) <
+ IPPORT_RESERVED ||
+ memcmp(&data_dest.sin_addr,
+ &his_addr.sin_addr,
+ sizeof data_dest.sin_addr))) {
+ usedefault = 1;
+ reply(500, "Illegal PORT rejected.");
+ } else {
+ usedefault = 0;
+ if (pdata >= 0) {
+ (void) close(pdata);
+ pdata = -1;
+ }
+ reply(200, "PORT command successful.");
}
- reply(200, "PORT command successful.");
}
}
| PASV check_login CRLF
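Review bot: The rejection branch of the new `portcheck` test only sends `reply(500, "Illegal PORT rejected.")` and records nothing on the server, so an operator cannot see that a client asked for a data connection to a reserved port or to an address other than its own. A refused PORT is exactly the event this check exists to catch, so log it before the reply, for example `syslog(LOG_NOTICE, "illegal PORT %s:%d rejected", inet_ntoa(data_dest.sin_addr), ntohs(data_dest.sin_port));`, assuming syslog is available in this file. The branch also leaves the rejected values in `data_dest` and appears to rely on `usedefault = 1` to keep later code from using them; that dependency sits outside the hunk and deserves a one-line comment here. The `cmd` rule starts before and continues after the hunk.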
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index c4a39ef11f6..616172747e7 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftpd.8,v 1.12 1997/05/01 14:45:36 deraadt Exp $
+.\" $OpenBSD: ftpd.8,v 1.13 1997/12/12 08:55:09 deraadt Exp $
.\" $NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $
.\"
.\" Copyright (c) 1985, 1988, 1991, 1993
@@ -43,7 +43,7 @@
Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm ftpd
-.Op Fl dDhlMSU
+.Op Fl dDhlMSUP
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl u Ar mask
@@ -94,6 +94,14 @@ for anonymous transfers, a directory matching the fully qualified name of
IP number the client connected to, and located inside
.Pa ~ftp
is used instead.
+.It Fl P
+Permit illegal port numbers or addresses for PORT command initiated connects.
+By default
+.Xr ftpd 8
+violates the RFC and thus constrains the PORT command to non-reserved ports
+and requires it use the same source address as the connection came from.
+This prevents the "FTP bounce attack" against services on both the local
+machine and other local machines.
.It Fl S
With this option set,
.Nm ftpd
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index c8142761bcf..ef490c916b0 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftpd.c,v 1.44 1997/08/06 00:18:00 angelos Exp $ */
+/* $OpenBSD: ftpd.c,v 1.45 1997/12/12 08:55:09 deraadt Exp $ */
/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
/*
@@ -133,6 +133,7 @@ int multihome = 0;
int guest;
int stats;
int statfd = -1;
+int portcheck = 1;
int dochroot;
int type;
int form;
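Review bot: `int portcheck = 1;` is a security default declared among unrelated state flags, with nothing saying what it guards. Add a comment such as `/* 1: refuse PORT to reserved ports or to an address other than the client's (FTP bounce); cleared by -P */`, so that the `case 'P'` branch in `main`, which sets it to 0, is not read as an ordinary feature toggle.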
@@ -248,7 +249,7 @@ main(argc, argv, envp)
int addrlen, ch, on = 1, tos;
char *cp, line[LINE_MAX];
FILE *fd;
- char *argstr = "AdDhlMSt:T:u:Uv";
+ char *argstr = "AdDhlMSt:T:u:UvP";
struct hostent *hp;
tzset(); /* in case no timezone database in ~ftp */
@@ -270,6 +271,10 @@ main(argc, argv, envp)
daemon_mode = 1;
break;
+ case 'P':
+ portcheck = 0;
+ break;
+
case 'h':
high_data_ports = 1;
break;