netbsd-bugs: bin/8768: ftp(1): User-Agent field doesn't conform HTTP/1.1

Subject: bin/8768: ftp(1): User-Agent field doesn't conform HTTP/1.1
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itohy@netbsd.org>
List: netbsd-bugs
Date: 11/09/1999 23:31:08

>Number:         8768
>Category:       bin
>Synopsis:       ftp(1): User-Agent field doesn't conform HTTP/1.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov  9 23:30:01 1999
>Last-Modified:
>Originator:     ITOH Yasufumi
>Organization:
	
>Release:        1.4M (Nov. 9, 1999)
>Environment:
System: NetBSD acha.my.domain 1.4M NetBSD 1.4M (ACHA) #9: Sun Nov 7 08:43:14 JST 1999 itohy@zun.my.domain:/usr/src/sys/arch/x68k/compile/ACHA x68k


>Description:
	ftp(1) sends a line such as

		User-Agent: NetBSD-1.4M/ftp

	in the HTTP/1.x request header.  This line does not strictly
	conform RFC 2616 (HTTP/1.1 specification).

	In RFC 2616, the User-Agent field is defined as follows:

		User-Agent	= "User-Agent" ":" 1*( product | comment )

		comment		= "(" *( ctext | quoted-pair | comment ) ")"
		ctext		= <any TEXT excluding "(" and ")">

		token		= 1*<any CHAR except CTLs or separators>
		separators	= "(" | ")" | "<" | ">" | "@"
				| "," | ";" | ":" | "\" | <">
				| "/" | "[" | "]" | "?" | "="
				| "{" | "}" | SP | HT
		quoted-pair	= "\" CHAR

	3.8 Product Tokens

	Product tokens are used to allow communicating applications
	to identify themselves by software name and version. Most
	fields using product tokens also allow sub-products which
	form a significant part of the application to be listed,
	separated by white space. By convention, the products are
	listed in order of their significance for identifying the
	application.

		product		= token ["/" product-version]
		product-version	= token

	(snip)

	Product tokens SHOULD be short and to the point. They MUST
	NOT be used for advertising or other non-essential information.
	Although any token character MAY appear in a product-version,
	this token SHOULD only be used for a version identifier
	(i.e., successive versions of the same product SHOULD only
	differ in the product-version portion of the product value).

	(Quoted from RFC 2616 Copyright (C) The Internet Society (1999).)

>How-To-Repeat:
	Use ftp(1) against a WWW server without proxies,
	and see the agent log on the server.

>Fix:
	Change the field like as

		User-Agent: NetBSD-ftp/1.0 (NetBSD 1.4M)
	or
		User-Agent: lukemftp/1.0b7 (NetBSD 1.4M)

	or something.
	(Is this an advertisement? :-)
>Audit-Trail:
>Unformatted: