Bug 17482

Summary:

ftpd(8) forget to close TCP port in passive mode

Product:

Base System

Reporter:

TANAKA Hiroyuki <kattyo>

Component:

bin

Assignee:

freebsd-bugs (Nobody) <bugs>

Status:

Closed FIXED

Severity:

Affects Only Me

Priority:

Normal

Version:

3.2-RELEASE

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
file.diff	none

Description TANAKA Hiroyuki 2000-03-19 06:10:01 UTC

	When ftpd fail data transfer with reply code 55x in passive mode,
	ftpd forget to close socket which listening for data transfer.
	
	This problem will affect anonymous ftp server as security hole.
	(Can do DoS attack.)

Fix: This patch is not perfect.

How-To-Repeat: 
	% ftp -p localhost
	Connected localhost.
	-- snip -- (here login) --
	ftp> get no-such-filename
	227 Entering Passive Mode (127,0,0,1,123,45)
	550 no-such-filename: No such a file or directory.
	ftp> !netstat -f inet
	Proto Send-Q Recv-Q  Local Address       Foreign Address  State
	tcp        0      0  localhost.31533     *.*              LISTEN
	tcp        0      0  localhost.ftp       localhost.31531  ESTABLISHED
	ftp> get no-such-filename
	227 Entering Passive Mode (127,0,0,1,123,46)
	550 no-such-filename: No such a file or directory.
	ftp> !netstat -f inet
	Proto Send-Q Recv-Q  Local Address       Foreign Address  State
	tcp        0      0  localhost.31533     *.*              LISTEN
	tcp        0      0  localhost.31534     *.*              LISTEN
	tcp        0      0  localhost.ftp       localhost.31531  ESTABLISHED


	If more and more retry it, to be out of file descripter and
	many commands can't execute because cant't load dynamic link libraries.


	total problem points:

	1.	PASV
		NLST (at empty directory)
	2.	PASV
		RETR no-such-filename
	3.	PASV
		STOR no-writable-filename
	     or	APPE no-writable-filename
	     or	STOU in-no-writable-directory

Comment 1 Mike Barcroft freebsd_committer

2001-07-22 01:47:03 UTC

State Changed
From-To: open->closed


It appears this problem is solved.  I can't reproduce this on 
5.0-CURRENT.