TJ Saunders of the proftpd project identified and pointed out problems with (a2902de6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,11 @@
		Changelog


		Daniel (27 September 2005)
		- TJ Saunders of the proftpd project identified and pointed out problems with
		the modified FTPS negotiation change of August 19 2005. Thus, we revert the
		change back to pre-7.14.1 status.

		Daniel (21 September 2005)
		- Fixed "cut off" sentence in the libcurl-tutorial man page:
		http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329305

RELEASE-NOTES

+1 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@ This release includes the following changes:

		This release includes the following bugfixes:

		o FTPS negotiation timeouts/errors
		o SSPI works even for Windows 9x
		o crash in --dump-header on FTP
		o test 56 runs better

lib/ftp.c

+19 −27

Original line number	Diff line number	Diff line
		@@ -174,13 +174,9 @@ static bool isBadFtpString(const char *string)
		* to us. This function will sit and wait here until the server has
		* connected.
		*
		* If FTP-SSL is used and SSL is requested for the data connection, this
		* function will do that transport layer handshake too.
		*
		*/
		static CURLcode AllowServerConnect(struct connectdata *conn)
		{
		CURLcode result;
		int timeout_ms;
		struct SessionHandle *data = conn->data;
		curl_socket_t sock = conn->sock[SECONDARYSOCKET];
		@@ -235,17 +231,6 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
		break;
		}

		/* If PASV is used, this is is made elsewhere */
		if(conn->ssl[SECONDARYSOCKET].use) {
		/* since we only have a plaintext TCP connection here, we must now
		do the TLS stuff */
		infof(data, "Doing the SSL/TLS handshake on the data stream\n");
		/* BLOCKING */
		result = Curl_ssl_connect(conn, SECONDARYSOCKET);
		if(result)
		return result;
		}

		return CURLE_OK;
		}

		@@ -2040,6 +2025,16 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
		return result;
		}

		if(conn->ssl[SECONDARYSOCKET].use) {
		/* since we only have a plaintext TCP connection here, we must now
		do the TLS stuff */
		infof(data, "Doing the SSL/TLS handshake on the data stream\n");
		/* BLOCKING */
		result = Curl_ssl_connect(conn, SECONDARYSOCKET);
		if(result)
		return result;
		}

		*(ftp->bytecountp)=0;

		/* When we know we're uploading a specified file, we can get the file
		@@ -2139,6 +2134,15 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
		return result;
		}

		if(conn->ssl[SECONDARYSOCKET].use) {
		/* since we only have a plaintext TCP connection here, we must now
		do the TLS stuff */
		infof(data, "Doing the SSL/TLS handshake on the data stream\n");
		result = Curl_ssl_connect(conn, SECONDARYSOCKET);
		if(result)
		return result;
		}

		if(size > conn->maxdownload && conn->maxdownload > 0)
		size = conn->size = conn->maxdownload;

		@@ -3100,18 +3104,6 @@ CURLcode Curl_ftp_nextconnect(struct connectdata *conn)
		if(!ftp->no_transfer && !conn->bits.no_body) {
		/* a transfer is about to take place */

		if(conn->ssl[SECONDARYSOCKET].use &&
		!data->set.ftp_use_port) {
		/* PASV is used and we just got the data connection connected, then
		it is time to handshake the secure stuff. */

		infof(data, "Doing the SSL/TLS handshake on the data stream\n");
		/* BLOCKING */
		result = Curl_ssl_connect(conn, SECONDARYSOCKET);
		if(result)
		return result;
		}

		if(data->set.upload) {
		NBFTPSENDF(conn, "TYPE %c", data->set.ftp_ascii?'A':'I');
		state(conn, FTP_STOR_TYPE);