betaftpd-devel Mailing List for BetaFTPD
Status: Beta
Brought to you by:
sgunderson
Menu
▾
▴
betaftpd-devel — BetaFTPD development list
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Rohan C. <Ro...@ix...> - 2003-07-08 00:08:14
|
Hi, I found a bug in betaftpd ( file ftpd.c, function do_download) in which if MMAP is not enabled, we read the file, but if send does not send the entire buffer that was read, then erroneous behavious can result. This is due to the fact that read automatically increments the read pointer, and if send does a partial send, then the remaining bytes are lost the next time do_download is called. I am submitting a patch to correct this. -rohan |
|
From: Dan K. <da...@ke...> - 2003-06-21 18:31:20
|
Running betaftpd with 600 or so dkftpbench users, and
then killing dkftpbench, causes betaftpd to crash.
Valgrind helped narrow down the problems.
(If you haven't used valgrind, you're in for a treat! Try it!)
There were two root causes:
1. list nodes having uninitialized next or prev pointers.
This was simple to fix, just had to always initialize them to 0.
Only alloc_new_conn and alloc_new_ftran needed fixing.
2. parse_command calls command handlers, then unless the handler
returned 0 to indicate a destroyed connection, it references
the connection again. However, many handlers call numeric(),
which can destroy the connection it's being called on.
The "solution" is to make numeric return the same sort of value
that the handlers do, and have the handlers return numeric's
return value. More or less. Propagating that error value
back gets a little tricky.
Not quite sure if the fix I did was correct, but it doesn't
fail like it used to under my little stress test.
The fix is at
http://kegel.com/dkbetaftpd/betaftpd-numeric2.patch
This patch fails to propagate errors that happen during
TRAP_ERROR, so there's still a DOS attack possible,
but at least it's a start. Comments welcome.
- Dan
--
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045
|
|
From: Steinar H. G. <sgu...@bi...> - 2000-10-07 19:12:52
|
Eeeehhh... Is anybody subscribed to this list at all? :-) /* Steinar */ -- Homepage: http://members.xoom.com/sneeze/ |