Age | Commit message | Author | |
---|---|---|---|
2009-10-28 | rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms | Theo de Raadt | |
2009-04-20 | When receiving a new connection, log the remote IP number in addition to the remote hostname. Feature requested by Mark Bucciarelli mkbucc at gmail dot com on misc@. "seems OK" millert@ | Ingo Schwarze | |
2008-09-30 | Always say "User %s access denied", in all cases, to avoid some stupid spinny things which parse those messages. Do not close the connection as requested by Josh Grosse, since a 530 is not supposed to do that. ok millert | Theo de Raadt | |
2008-09-12 | Don't split large commands into multiple commands on a 512-byte boundary but just fail on them. This prevents CSRF-like attacks, when a web browser is used to access an ftp server. Reported by Maksymilian Arciemowicz <cxib@securityreason.com>. ok millert@ martynas@ | Moritz Jodeit | |
2008-06-30 | Include file order must be "monitor.h" before "extern.h" otherwise enum auth_ret is referenced before it is declared, which is not allowed by C99. Ok krw@, millert@, gilles@ | Anders Magnusson | |
2008-04-13 | Use arc4random_buf() when requesting more than a single word of output Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@ | Damien Miller | |
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2007-07-31 | From Gilles Chehade: - Use strtonum instead of atoi. - Improve strtol error checking. - Change strchr calls to strcspn and eliminating some unused variables as a result. OK moritz | Ray Lai | |
2007-07-27 | Fix potential memory leak, when snprintf(3) returns an empty buffer. OK ray@ | Moritz Jodeit | |
2007-06-21 | Adjust spacing, combine malloc + strlcpy + strlcat into a single asprintf call. OK moritz | Ray Lai | |
2007-06-19 | Make sure perror_reply() is only called when errno is set. When changing perror_reply() -> reply(), increase error message detail for ftp client. Move free() statement to prevent errno clobbering. OK moritz | Ray Lai | |
2007-03-22 | Do not advertise version in the ftp banner, because there is no reason to. OK mbalmer@, xsa@, henning@, idea prompted by deraadt | Chad Loder | |
2007-03-01 | - use proper log facility and priority in the slave sig handlers - if the monitor decides to kill the slave, log that ok millert@ moritz@ | Otto Moerbeek | |
2006-12-21 | 'tranfer' -> 'transfer' in comments. | Kenneth R Westerback | |
2006-10-18 | Avoid double fclose() of a file if we exceed retries. Coverity ID 2669. OK cloder@ | Todd C. Miller | |
2006-10-18 | you do not call fclose() on a file descriptor; ok cloder | Theo de Raadt | |
2006-04-21 | lint cleanup; ok ray moritz dhill | Theo de Raadt | |
2005-12-03 | remove shadowing variables; ok pval | Theo de Raadt | |
2005-12-01 | fix double var declarations in same scope, found by lint; ok deraadt cloder | Peter Valchev | |
2005-08-22 | EOF in ascii mode may also mean EOF so avoid printing a bogus error and behave same as bin mode; beck@ deraadt@ millert@ ok | Michael Shalayeff | |
2005-07-14 | let root create the data socket. fixes PR 4287. ok millert@ henning@ | Moritz Jodeit | |
2005-05-24 | readd endpwent() | Moritz Jodeit | |
2005-05-24 | no need for endpwent() | Moritz Jodeit | |
2005-04-21 | make code prettier so we can tell it is safe when we read it; ok beck cloder | Theo de Raadt | |
2005-03-15 | better handling of cases where getnameinfo() returns non-zero. upon failure, don't try to print the contents of the char buffers we passed it. ok & feedback henning@, moritz@ (thanks!) | Niall O'Higgins | |
2004-12-06 | separate reply_r, like earlier change but safer; moritz ok | Theo de Raadt | |
2004-12-04 | reply() used to play a lot with stdout, especially fflush(stdout). The recent change is to avoid stdio. That's good, except there are nearly 130 calls to this function, yet what if one of them depended on fflush() or something else in this code? The semantic change was never checked. That is not how we do development -- back this out until we know that checking work has been done. | Theo de Raadt | |
2004-12-03 | make reply() reentrant. fixes a signal race. ok henning@ | Moritz Jodeit | |
2004-11-28 | logging fixes: -don't prefix ftpd: in syslog(), it does that for us -replace a bad (too late) err() by syslog + exit from moritz | Henning Brauer | |
2004-11-28 | bump version | Henning Brauer | |
2004-11-28 | fix ttyline setting, fixes proctitle. noticed independently by theo and pval, fix from moritz jodeit | Henning Brauer | |
2004-11-28 | privilege separate ftpd handle the pre-authentication phase (minus a tiny tiny tiny amount of code after accept()) in an unprivileged process, asking the privileged monitor for help where needed. work by Moritz Jodeit <moritz@jodeit.org> with help from theo and me tests theo ian@ matthieu@ ben@networkinsanity.com a.schlichting@lemarit.com | Henning Brauer | |
2004-11-22 | More sensible error when both the -n and -A flags are used. Text OK jmc@ | Todd C. Miller | |
2004-09-30 | cope nicer with accept() failures, from freebsd; millert ok | Theo de Raadt | |
2003-12-12 | knf | Theo de Raadt | |
2003-12-10 | spacing | Theo de Raadt | |
2003-12-09 | knf | Theo de Raadt | |
2003-12-09 | fix PR 3596 by making root create the socket, ok millert@ | Bob Beck | |
2003-11-20 | ftpd.8: - simpler macros - sort options - some updates ftpd.c: - sync usage() | Jason McIntyre | |
2003-11-12 | Don't hold on to the bind() while we loop around waiting to see if we can make our connection. Adapted from FreeBSD via danh@ | Todd C. Miller | |
2003-10-01 | listen to both IPv4/v6 ftp port on -D by default. deraadt ok. comments from markus, millert. tested by fries | Jun-ichiro itojun Hagino | |
2003-09-30 | usage(): - add missing -n (from Jeff Ito PR 3496) - remove deprecated -h - sort -T and -t to match man page | Jason McIntyre | |
2003-07-29 | spaces | Theo de Raadt | |
2003-07-07 | make this match protos; millert ok | Theo de Raadt | |
2003-06-11 | ansi cleanup; ok ian markus | Theo de Raadt | |
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo. | Todd C. Miller | |
2003-04-10 | Replace strcpy() w/ strlcpy() from espie@ Don't try to free pw_dir -- it is no longer allocated separately. Instead, add an extra param to sgetpwnam() to allow it to dupe an existing struct passwd * (instead of doing a lookup by username) and use this to reallocate pw in the case where pw_dir is the NULL string. deraadt@ OK | Todd C. Miller | |
2003-02-17 | reply() -> perror_reply(). millert@ ok | Mike Pechkin | |
2002-11-25 | Change a setuid() that should be seteuid(), noticed by grange@ Move a va_end so it gets called in an error condition as well | Todd C. Miller | |
2002-11-15 | o Once a user is logged in, don't allow a change to another user. o Run more code with the effective uid of the logged in user. From Frank Denis | Todd C. Miller | |