Subject: Re: pkg/23963
To: Philippe Oechslin <philippe.oechslin@objectif-securite.ch>
From: Luke Mewburn <lukem@NetBSD.org>
List: pkgsrc-bugs
Date: 06/06/2005 23:11:05
--euFSwY3dVV7YUssO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jun 05, 2005 at 10:37:02PM +0000, Philippe Oechslin wrote:
| Hello there,
| I have tested tnftp 20050511. The behaviour has changed, but there sti=
ll=20
| is a bug.
| =20
| I have downloaded 20050511 and compiled it (./configure, make) on my=
=20
| Linux Suse 9.2 distribution.
| =20
| When I give a username that is too long, the rest of the username stay=
s=20
| in a buffer and is inserted in the next username. At least there is no=
=20
| interaction with later comands.=20
| =20
| Here is an example: the commands that I typed are
| - o ftp.microsoft.com
| - user AAA..AAcheck_this_outBBB..BBB
| - <blank password>
| - user <blank username>
| - <blank password>
| =20
| tp> o ftp.microsoft.com
| Connected to ftp.microsoft.com.
| 220 Microsoft FTP Service
| Name (ftp.microsoft.com:oechslin):=20
| AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_this_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBB
| 331 Password required for=20
| AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_th.
| Password:
| 530 User=20
| AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc=
heck_th=20
| cannot log in.
| ftp: Login failed.
| ftp> user
| (username) 331 Password required for=20
| s_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBB.
| Password:
| 530 User=20
| s_outBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
BBBBBBBBBBBBBBBBBBB=20
| cannot log in.
| Login failed.
| =20
| As you can see from the screen dump and from looking at the trafic, th=
e=20
| username is trunctated after 78 characters after the initial user=20
| command with a long username. When I type a second user command witho=
ut=20
| argument, the rest of the previous username is transmitted. However, t=
he=20
| extra data does not seem to interact with later commands as it did whe=
n=20
| I discovered the bug.
Is editing enabled or disabled when you attempt this?
Can you run your test with "-d" (debug), and send me the full
output (including the full string that you're using to cause
the problem)?
Thanks,
Luke.
--euFSwY3dVV7YUssO
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFCpEtppBhtmn8zJHIRAgbZAJ4wQ3RRjJvuNDjAXgDV1QkbxL/pQQCgnPI7
YZRTfbp5JaJNZmULRGwtx+k=
=zXS7
-----END PGP SIGNATURE-----
--euFSwY3dVV7YUssO--