Subject: kern/12066 -- 1.5.1_BETA still affected
To: None <>
From: Ingolf Steinbach <>
List: current-users
Date: 04/24/2001 22:48:44
Darren Reed wrote:
> Check the FTP RFC.
> It has state diagrams which document what is and isn't allowed.

The state diagrams in STD-0009 for the login sequence indicate
1) a USER command can be answered with a 2xx reply -- in
   this case the client does not need to send a PASS command
2) a PASS command can be answered with a 3xx reply -- in
   this case an additional ACCT command is necessary.

Both cases are NOT handled by the FTP proxy in 1.5.1_BETA:
especially, active ftp sessions to servers which just need
a USER command without PASS will not have their PORT commands
rewritten and will fail.

It would be really nice if this bug were fixed in 1.5.1.
Please have a look at my message from 2001-02-05 in the
gnats database which suggests a fix for the problem.


Ingolf Steinbach        Balin@IRCnet         ICQ#60829470
PGP: 0x7B3B5661  213C 828E 0C92 16B5  05D0 4D5B A324 EC04