Skip Menu |

Download (untitled) / with headers
text/plain 2.7KiB
From zacheiss@MIT.EDU Mon Apr 9 23:34:46 2001
Received: from (FORT-POINT-STATION.MIT.EDU [])
by (8.9.3/8.9.3) with ESMTP id XAA17872
for <>; Mon, 9 Apr 2001 23:34:46 -0400 (EDT)
by (8.9.2/8.9.2) with ESMTP id XAA05211;
Mon, 9 Apr 2001 23:34:45 -0400 (EDT)
Received: (from zacheiss@localhost) by (8.9.3)
id XAA08561; Mon, 9 Apr 2001 23:34:45 -0400 (EDT)
Message-Id: <>
Date: Mon, 9 Apr 2001 23:34:45 -0400 (EDT)
From: zacheiss@MIT.EDU
Reply-To: zacheiss@MIT.EDU
To: krb5-bugs@MIT.EDU
Cc: zacheiss@MIT.EDU
Subject: bug in krb5 ftp client
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 938
>Category: krb5-appl
>Synopsis: ftp client won't allow connections to ports higher than 32767
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: raeburn
>State: feedback
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Apr 9 23:35:01 EDT 2001
>Last-Modified: Tue May 1 19:31:01 EDT 2001
>Originator: Garry Zacheiss
Garry Zacheiss
Show quoted text
>Release: krb5-1.1.1

System: SunOS 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

Show quoted text
Attempting to use the krb5 ftp client to connect to a port
higher than 32767 results in:

[zacheiss@sweet-transvestite] ~$ ftp localhost 32768
localhost: bad port number-- 32768
usage: ftp host-name [port]
Show quoted text

Show quoted text
Use the krb5 ftp client to connect to an ftp server running on a
port higher than 32767.
Show quoted text
setpeer() in krb5/src/appl/gssftp/ftp/cmds.c declres the
variable port to be a short. It should be an unsigned short;
see the enclosed patch.

--- cmds.c 1999/10/07 02:42:44 1.4
+++ cmds.c 2001/04/09 20:14:16 1.5
@@ -126,7 +126,7 @@
char *argv[];
char *host, *hookup();
- short port;
+ unsigned short port;

if (connected) {
printf("Already connected to %s, use close first.\n",
Show quoted text

State-Changed-From-To: open-feedback
State-Changed-By: raeburn
State-Changed-When: Tue May 1 19:28:28 2001

I put this patch into 1.3, but also extended the port-number checks to
explicitly check the range better, instead of letting overflow bring
the supplied number back into the range of this variable's type.

Responsible-Changed-From-To: krb5-unassigned->raeburn
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue May 1 19:30:59 2001
I took it.

Show quoted text
closing; fixed in krb5-1.2.3