From ken@panzer.kdm.org  Sun Jun  4 20:07:38 2000
Return-Path: <ken@panzer.kdm.org>
Received: from panzer.kdm.org (panzer.kdm.org [216.160.178.169])
	by hub.freebsd.org (Postfix) with ESMTP id 0EBAD37B9F9
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  4 Jun 2000 20:07:28 -0700 (PDT)
	(envelope-from ken@panzer.kdm.org)
Received: (from ken@localhost)
	by panzer.kdm.org (8.9.3/8.9.1) id VAA33671;
	Sun, 4 Jun 2000 21:07:27 -0600 (MDT)
	(envelope-from ken)
Message-Id: <200006050307.VAA33671@panzer.kdm.org>
Date: Sun, 4 Jun 2000 21:07:27 -0600 (MDT)
From: ken@kdm.org
Sender: ken@panzer.kdm.org
Reply-To: ken@kdm.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: fetch -p doesn't use passive mode
X-Send-Pr-Version: 3.2

>Number:         19008
>Category:       bin
>Synopsis:       fetch -p doesn't use passive mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 04 20:10:00 PDT 2000
>Closed-Date:    Wed Jul 19 02:41:14 PDT 2000
>Last-Modified:  Wed Jul 19 02:50:03 PDT 2000
>Originator:     Kenneth D. Merry
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
KDM Enterprises
>Environment:

-current box as of about May 20th, 2000.

>Description:

fetch -p doesn't fetch files using passive mode ftp, although if you set
the FTP_PASSIVE_MODE variable to "yes", it will.

Using capital P instead of lower case p doesn't make any difference.  (The
code is the same in the fetch source anyway.)

>How-To-Repeat:

Configure a machine with a firewall that denies most incoming packets, or
even just incoming packets from port 20.

Try fetching a file with passive mode ftp, like this:

fetch -p ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT

Watch the firewall logs:

ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0
ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0
ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0
ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0

Obviously fetch used active mode instead of passive mode.  In passive mode,
the client connects to the server, not vice versa, as my firewall logs
show.

Interestingly enough, if you set FTP_PASSIVE_MODE to "yes", fetch will get
files in passive mode.

>Fix:

I don't have a fix.  I looked into this a little bit, and it looks like the
problem is likely somewhere in libftpio, but it wasn't obvious to me at
first glance what the problem is.

>Release-Note:
>Audit-Trail:

From: Alexander Langer <alex@big.endian.de>
To: ken@kdm.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/19008: fetch -p doesn't use passive mode
Date: Mon, 5 Jun 2000 11:56:08 +0200

 Thus spake ken@kdm.org (ken@kdm.org):
 
 > I don't have a fix.  I looked into this a little bit, and it looks like the
 > problem is likely somewhere in libftpio, but it wasn't obvious to me at
 > first glance what the problem is.
 
 That is true. I noticed that bug a few weeks ago, too.
 
 But since DES is replacing the current fetch with a new version at the
 moment, which does support it, I don't think that anyone will fix
 that.
 
 The new fetch should be MFC'ed though, or the bug should be fixed in
 3.x and 4.x at least.
 
 Alex
 -- 
 I need a new ~/.sig.
 
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: des 
Responsible-Changed-When: Thu Jun 29 02:35:01 PDT 2000 
Responsible-Changed-Why:  
fetch(1) is mine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19008 
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Wed Jul 19 02:41:14 PDT 2000 
State-Changed-Why:  
Seems to be fixed in 3.4. 4.0 and 5.0 have a different fetch(1) which does 
not have this bug. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19008 

From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: freebsd-gnats-submit@FreeBSD.org
Cc: ken@kdm.org
Subject: Re: bin/19008: fetch -p doesn't use passive mode
Date: 19 Jul 2000 11:41:01 +0200

 3.4-STABLE doesn't seem to have this problem:
 
 root@flood /usr/src/usr.bin/fetch# unset FTP_PASSIVE_MODE
 root@flood /usr/src/usr.bin/fetch# fetch -pvvv ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
 Sending: USER anonymous
 sourcerer.freesoftware.com FTP server (Version DG-3.1.42 Thu Jul 6 14:10:01 PDT 2000) ready.
 Guest login ok, send your email address as password.
 Sending: PASS des@flood.ping.uio.no
 Welcome to ftp.freesoftware.com - home FTP site for Walnut Creek CDROM.
 There are currently 609 users out of 5000 possible.
 [...]
 Guest login ok, access restrictions apply.
 Sending: TYPE I
 Type set to I.
 Sending: PASV
 Entering Passive Mode (216,66,64,162,41,235)
 Sending: CWD pub
 CWD command successful.
 Sending: CWD FreeBSD
 CWD command successful.
 Sending SIZE README.TXT
 6139
 Sending MDTM README.TXT
 19991225011500
 Sending PASV
 Entering Passive Mode (216,66,64,162,41,242)
 Sending: RETR README.TXT
 Opening BINARY mode data connection for 'README.TXT' (6139 bytes).
 Receiving README.TXT (6139 bytes)Sending: QUIT
 Transfer complete.
 Goodbye!
 Receiving README.TXT (6139 bytes): 100%
 6139 bytes transferred in 0.3 seconds  (22.48 Kbytes/s)
 
 4.0-STABLE and 5.0-CURRENT have the new fetch(1), which does not
 exhibit this bug either.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@flood.ping.uio.no
 
>Unformatted:
