From craig.cox@reacomp.com Fri Sep 8 20:49:19 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id UAA05891
for <bugs@RT-11.MIT.EDU>; Fri, 8 Sep 2000 20:49:19 -0400 (EDT)
Received: from server57.aitcom.net by MIT.EDU with SMTP
id AA13010; Fri, 8 Sep 00 20:48:45 EDT
Received: from reacomp.com (reacomp.faynet.com [208.11.174.164])
by reacomp.com (8.8.8/8.8.5) with ESMTP id UAA16274
for <krb5-bugs@mit.edu>; Fri, 8 Sep 2000 20:49:15 -0400
Message-Id: <39B98908.934407E4@reacomp.com>
Date: Fri, 08 Sep 2000 20:49:12 -0400
From: Craig Cox <craig.cox@reacomp.com>
Sender: coxc@reacomp.com
To: krb5-bugs@MIT.EDU
Subject: Bug in FTP "newer" command
I believe I have found a bug in the Kerberos "ftp" command. The
FTP "newer" command should "get" a file from the remote server only if
the file on the server is newer than the local copy, if it exists. Due
to the bug the "ftp" command only sees the local file as newer than the
remote if the local file year is before the remote file year or the
local file month is before the remote file month. If neither of these
are true, the file days, hours, minutes, and seconds are never checked.
(This is not exactly true, but close enough to describe the error.) This
problem is due to a bug in an "if" statement in the file
krb5-1.1.1/src/appl/gssftp/ftp/cmds.c. The erroneous code is in the
"getit" function and starts about 70 lines into that function. (Even
though I am running version 1.1.1, I checked the source code for the
latest 1.2.1 and it appears to still have this erroneous "if"
statement.) Here is the unmodified section of the code that causes the
error.
========== BEGINNING OF ERRONEOUS CODE ==========
if (command("MDTM %s", argv[1]) == COMPLETE) {
    int yy, mo, day, hour, min, sec;
    struct tm *tm;
    verbose = overbose;
    sscanf(reply_string,
           "%*s %04d%02d%02d%02d%02d%02d",
           &yy, &mo, &day, &hour, &min, &sec);
    tm = gmtime(&stbuf.st_mtime);
    tm->tm_mon++;
    if (tm->tm_year > yy-1900)
        return (1);
    else if (tm->tm_year == yy-1900) {
        if (tm->tm_mon > mo)
            return (1);
    } else if (tm->tm_mon == mo) {
        if (tm->tm_mday > day)
            return (1);
    } else if (tm->tm_mday == day) {
        if (tm->tm_hour > hour)
            return (1);
    } else if (tm->tm_hour == hour) {
        if (tm->tm_min > min)
            return (1);
    } else if (tm->tm_min == min) {
        if (tm->tm_sec > sec)
            return (1);
    }
} else {
    printf("%s\n", reply_string);
    verbose = overbose;
    return (0);
}
========== END OF ERRONEOUS CODE ==========
The problem is that the "if" statement is not properly nested as it
should be. If the years and months are equal, the code to check for days
is never reached. Here is the corrected code that should be substituted
for the erroneous code to solve the problem. The proper nesting makes
the formatting look ugly and there is probably a prettier way to write
this, but it works.
========== BEGINNING OF CORRECTED CODE ==========
if (command("MDTM %s", argv[1]) == COMPLETE) {
    int yy, mo, day, hour, min, sec;
    struct tm *tm;
    verbose = overbose;
    sscanf(reply_string,
           "%*s %04d%02d%02d%02d%02d%02d",
           &yy, &mo, &day, &hour, &min, &sec);
    tm = gmtime(&stbuf.st_mtime);
    tm->tm_mon++;    /* tm_mon is 0-based; the MDTM month is 1-based */
    if (tm->tm_year > yy-1900)
        return (1);
    else if (tm->tm_year == yy-1900) {
        if (tm->tm_mon > mo)
            return (1);
        else if (tm->tm_mon == mo) {
            if (tm->tm_mday > day)
                return (1);
            else if (tm->tm_mday == day) {
                if (tm->tm_hour > hour)
                    return (1);
                else if (tm->tm_hour == hour) {
                    if (tm->tm_min > min)
                        return (1);
                    else if (tm->tm_min == min) {
                        if (tm->tm_sec > sec)
                            return (1);
                    }
                }
            }
        }
    }
} else {
    printf("%s\n", reply_string);
    verbose = overbose;
    return (0);
}
========== END OF CORRECTED CODE ==========
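Added example, not part of the original report or the krb5 source: the flat else-if chain described above next to a field-by-field (lexicographic) comparison, run against a constructed MDTM reply. The names `struct stamp`, `parse_mdtm`, `local_newer_flat` and `local_newer` are hypothetical, and the parser checks the `sscanf` return value, which the quoted code does not.

```c
#include <stdio.h>

/* year, month (1-12), day, hour, minute, second, all UTC */
struct stamp { int f[6]; };

/* Parse an MDTM reply; returns 1 only if all six fields were read. */
static int parse_mdtm(const char *reply, struct stamp *s)
{
    int *f = s->f;
    return sscanf(reply, "%*s %4d%2d%2d%2d%2d%2d",
                  &f[0], &f[1], &f[2], &f[3], &f[4], &f[5]) == 6;
}

/* Flat else-if chain as in the report: once the year branch is taken,
 * no later branch can run; if the years differ, later fields are
 * compared although they no longer decide anything. */
static int local_newer_flat(const struct stamp *l, const struct stamp *r)
{
    const int *a = l->f, *b = r->f;
    if (a[0] > b[0]) return 1;
    else if (a[0] == b[0]) { if (a[1] > b[1]) return 1; }
    else if (a[1] == b[1]) { if (a[2] > b[2]) return 1; }
    else if (a[2] == b[2]) { if (a[3] > b[3]) return 1; }
    else if (a[3] == b[3]) { if (a[4] > b[4]) return 1; }
    else if (a[4] == b[4]) { if (a[5] > b[5]) return 1; }
    return 0;
}

/* Lexicographic compare: the first differing field decides. */
static int local_newer(const struct stamp *l, const struct stamp *r)
{
    int i;
    for (i = 0; i < 6; i++)
        if (l->f[i] != r->f[i])
            return l->f[i] > r->f[i];
    return 0;
}

int main(void)
{
    struct stamp remote, later = {{2000, 9, 10, 0, 0, 0}},
                 older = {{1999, 9, 20, 0, 0, 0}};
    if (!parse_mdtm("213 20000908204912", &remote))  /* constructed reply */
        return 1;
    printf("local 2000-09-10: flat=%d correct=%d\n",
           local_newer_flat(&later, &remote), local_newer(&later, &remote));
    printf("local 1999-09-20: flat=%d correct=%d\n",
           local_newer_flat(&older, &remote), local_newer(&older, &remote));
    return 0;
}
```

The second case covers the part of the report marked "not exactly true": when the years differ, the flat chain goes on to compare months and days and can report an older local file as newer.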
State-Changed-From-To: open-analyzed
State-Changed-By: tlyu
State-Changed-When: Wed Feb 7 15:55:11 2001
State-Changed-Why:
Responsible-Changed-From-To: gnats-admin->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Wed Feb 7 15:55:22 2001
Responsible-Changed-Why:
refiled
From: Tom Yu <tlyu@MIT.EDU>
To: craig.cox@reacomp.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/885: Bug in FTP "newer" command
Date: Wed, 7 Feb 2001 16:12:26 -0500 (EST)
Thanks for the bug report. This does appear to be a bug. I'll look
into getting it fixed, though you are right in that the resulting
formatting looks ugly.
---Tom
>Number: 885
>Category: krb5-appl
>Synopsis: Bug in FTP "newer" command
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: analyzed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Sep 8 20:50:01 EDT 2000
>Last-Modified: Fri Sep 14 13:43:55 EDT 2001
>Originator: Craig Cox <craig.cox@reacomp.com>
>Organization:
>Release: krb5-1.2.1
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted: