| Subject: | Passive mode mis-reports upper 8 bits of port |
When connecting to the server and enabling passive mode, the port
returned to the client reports the upper 8 bits of the 2-byte port range
as a 16-bit number. For example:
Show quoted text
ftp> passive
Passive mode on.
Show quoted textftp> dir
227 Entering Passive Mode. (127,0,0,1,1047,4)
150 Opening ASCII mode data connection for /bin/ls.
drwxr-xr-x 3 root other 512 Oct 25 20:21 .
drwxr-xr-x 5 root other 512 Nov 8 21:15 ..
226 Transfer complete.
182 bytes received in 0.012 seconds (15.41 Kbytes/s)
Show quoted textftp> ls
227 Entering Passive Mode. (127,0,0,1,1170,90)
The values 1047 and 1170 are not valid 8-bit integers.
For many FTP clients, this is not an issue as they implicitly only use
the lower 8-bits of each integer before re-assembling into the 16-bit
port number; however, some FTP client libraries that do not explicitly
use restricted bit arithmetic (i.e. they use 32-bit integers for all
operations) mis-understand the port number and will throw exceptions
that the port number is out of range.
Attached is a simple patch that corrects this issue.
| Subject: | passive_port_range.patch |
--- /usr/local/lib/perl5/site_perl/POE/Component/Server/FTP/ControlSession.pm Wed Mar 21 14:42:08 2007
+++ POE/Component/Server/FTP/ControlSession.pm Thu Nov 8 21:15:15 2007
@@ -695,6 +695,7 @@
my $p1 = int ((int rand(65430)) / 256)+1025;
my $p2 = (int rand(100))+1;
$p1 -= $p2;
+ $p1 &= 0xFF;
POE::Component::Server::FTP::DataSession->new($heap->{params},{
fs => $heap->{filesystem},