summaryrefslogtreecommitdiffstats
path: root/libexec/ftpd (follow)
Commit message (Collapse)AuthorAgeFilesLines
* We know about optreset from unistd.h.florian2020-12-271-2/+1
| | | | | From Jan Stary, thanks. OK martijn
* Avoid passing a NULL name to retrieve(), use "." instead.millert2020-03-041-2/+2
| | | | | Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
* Simplify globbing of ftpd(8)s list and nlst commands.jan2020-01-153-34/+25
| | | | | | Also avoid command option injection for ls(1). OK martijn@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-286-71/+71
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* rm dead code and simplify ftpd_popen. this code has only calledtedu2019-05-085-75/+42
| | | | | | its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
* Flip snprintf(3) error check to align it with the man page example.bluhm2018-12-111-2/+2
| | | | | No functional change. suggested by tb@; from Jan Klemkow
* Convert some variables with non-negative values to unsigned typebluhm2018-12-111-6/+7
| | | | | to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
* Don't send multiple error messages in response to a single commandmikeb2017-04-271-1/+5
| | | | | | | | | While a few commands (such as HELP and NOOP) are allowed in between USER and PASS, most of the others are not. However if such command is issued, ftpd should abort the command evaluation early and reply with "530 Please login with USER and PASS." From form@, with input from deraadt@ and OK millert@
* memset() of password field should be explicit_bzero().deraadt2017-04-171-2/+2
| | | | [Not using freezero() in yacc files yet]
* freezero() can be used herederaadt2017-04-171-3/+2
|
* Use a single "opt" variable for all setsockopt calls in getdatasock().jca2016-09-031-12/+13
| | | | | | | on = 65536; if (setsockopt(... &on ...) is slightly misleading.
* Set "lowdelay" and "throughput" Traffic Class on command & data IPv6 sockets.jca2016-09-031-7/+21
|
* Don't attempt to support IPv4-mapped IPv6 addresses.jca2016-08-311-37/+5
| | | | | | | | | | | | | We don't consider support for those addreses as desirable, so let's not give a bad example by keeping application code to handle them. This is dead code on OpenBSD anyway since we do not support IPv4-mapped stuff. But let's keep the check to log and warn the admin if the code gets ported elsewhere. Porters of this code should ensure that IPv6 sockets can't see IPv4-mapped addresses by using the IPV6_V6ONLY sockopt. Discussed with & ok tedu@ For a rationale, see https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
* remove ifdef for all the features we have.tedu2016-08-301-16/+1
| | | | | retain disabled ip4in6 code until its future is decided. ok deraadt jca
* trim down some NBBY references. 8 bits ought to be enough for anyone.tedu2016-08-262-9/+5
|
* When upcasting to off_t for multiplication, the cast needs to be *before*guenther2016-08-141-4/+4
| | | | | | the multiplication to avoid truncation/overflow ok krw@
* Convert %q to %ll with long long casts for printf()guenther2016-08-142-26/+26
| | | | | | Delete pointless casts to off_t, void*, and uid_t ok krw@
* Use fstatat() instead of crafting a filename to use with stat()guenther2016-07-041-14/+16
| | | | ok millert@
* Kill #ifdef INET6 occurrences in userland.jca2016-05-042-9/+2
| | | | | | | Prompted by and ok millert@ (tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
* prefer setres{u,g}id() rather than manipulating both real and effectivederaadt2016-04-252-12/+8
| | | | | ids, it clarifies these are full revocation situations. ok millert
* compare pointer to NULL instead of 0semarie2016-04-061-7/+8
| | | | | | from fritjof ! alokat.org ok ratchov@ natano@
* More "(<blah> *)0" -> NULL, avoiding any stdarg functions.krw2016-03-161-2/+2
| | | | Feedback millert@ kettenis@
* Print ssize_t with %zd; ok deraadt@ mmcc@jca2016-02-291-4/+4
|
* Kill unused variable.jca2016-02-291-2/+2
|
* Remove NULL-checks before free(). ok tb@mmcc2015-12-121-11/+6
|
* needs utf8.c from the ls tree alsoderaadt2015-12-011-2/+2
|
* don't need to ifdef setproctitletedu2015-11-164-21/+4
|
* No longer create /var/run/ftpd.pid in daemon mode; OK jung@ jca@millert2015-10-252-10/+4
|
* unifdef some oldness. (BSD not defined since removal of param.h)tedu2015-10-251-10/+1
| | | | ok jca sthen
* Delete the empty example file "ftpchroot"; no example is needed.schwarze2015-10-191-2/+3
| | | | | | Move the one useful bit of information contained in the file ("one user name per line") to the ftpd(8) manual page where it belongs. OK deraadt@ sthen@
* fix custom popen to return pid to caller instead of tracking in a gianttedu2015-10-043-36/+24
| | | | | | array. this implies we can't use a function pointer for close, but also means we get to repair some abuse of the comma operator. ok miod
* test pointers with NULL not '\0'jsg2015-09-011-4/+4
|
* calloc() is prototyped; do not cast resultderaadt2015-08-181-2/+2
|
* Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@millert2015-03-171-2/+2
|
* tzfile.h is an internal header that should never have been installed.millert2015-03-151-2/+1
| | | | | | | | | What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
* SIZE_MAX is standard, we should be using it in preference to themillert2015-02-061-4/+4
| | | | obsolete SIZE_T_MAX. OK miod@ beck@
* CMASK went out of scope with the recent <sys/param.h> removal. But ohderaadt2015-01-191-6/+2
| | | | | | golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-162-20/+20
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* remove .Tn; from Jan Stary <hans at stare dot cz>schwarze2015-01-151-10/+5
|
* Remove unnecessary netinet/in_systm.h include.lteo2014-10-252-4/+2
| | | | ok millert@
* Delete secret or secret-derived data with explicit_bzero.doug2014-08-252-4/+4
| | | | | concept ok deraadt@ diff looks ok tedu@
* remove tcpwrappers support. ok deraadttedu2014-03-242-56/+2
|
* args! fix argstr. from LEVAI Daniel.sthen2014-03-171-2/+2
|
* tweak previous;jmc2014-03-171-9/+9
|
* typo, spotted by okan@sthen2014-03-171-2/+2
|
* Add an option to disallow ftp access to accounts with uid below a certainsthen2014-03-172-5/+35
| | | | | | number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
* Fix REST (restart transfer) for offsets large than 2GB. OK okan@millert2014-02-081-15/+39
|
* If the file size is zero, there's nothing to transmit so avoid spammingjca2014-01-081-1/+7
| | | | | syslog with mmap failures. Noticed by and ok henning@, "looks right" deraadt@
* unsigned char for ctypederaadt2013-11-271-8/+8
| | | | ok okan kettenis
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.