From tri@pooh.tky.hut.fi  Thu Apr  9 06:58:28 1998
Received: from santra.hut.fi (santra.hut.fi [130.233.224.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA28954
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 9 Apr 1998 06:58:27 -0700 (PDT)
          (envelope-from tri@pooh.tky.hut.fi)
Received: from pooh.tky.hut.fi (pooh.tky.hut.fi [130.233.23.135])
	by santra.hut.fi (8.8.8/8.8.7) with ESMTP id QAA29308
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 9 Apr 1998 16:58:23 +0300 (EET DST)
Received: (from tri@localhost)
	by pooh.tky.hut.fi (8.8.8/8.8.8) id QAA10554;
	Thu, 9 Apr 1998 16:58:22 +0300 (EEST)
	(envelope-from tri)
Message-Id: <199804091358.QAA10554@pooh.tky.hut.fi>
Date: Thu, 9 Apr 1998 16:58:22 +0300 (EEST)
From: "Timo J. Rinne" <tri@pooh.tky.hut.fi>
Reply-To: tri@pooh.tky.hut.fi
To: FreeBSD-gnats-submit@freebsd.org
Subject: ftp client follows NULL pointer
X-Send-Pr-Version: 3.2

>Number:         6254
>Category:       bin
>Synopsis:       ftp client follows NULL pointer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr  9 07:00:01 PDT 1998
>Closed-Date:    Mon Apr 13 16:37:28 PDT 1998
>Last-Modified:  Mon Apr 13 16:38:46 PDT 1998
>Originator:     Timo J. Rinne
>Release:        FreeBSD 3.0-971225-SNAP i386
>Organization:
Helsinki University of Technology
>Environment:

	ftp in i386 version of FreeBSD current

>Description:

	Hit C-d to ftp client when it asks for username.  It sends
	garbage to the remote end and receives password query for
	user that has id containing garbage.

>How-To-Repeat:

	ftp my-ftp-server

	Connected to my-ftp-server.
	220 taulu.ssh.fi FTP server (Version 6.00) ready.
	Name (taulu:tri): 
    *** Control-D here with no username.
	331 Password required for 0ο.
	Password:	

>Fix:

	Should be simple.  Exit if NULL returned by username query.

>Release-Note:
>Audit-Trail:

From: Max Euston <meuston@jmrodgers.com>
To: "'tri@pooh.tky.hut.fi'" <tri@pooh.tky.hut.fi>,
        "FreeBSD-gnats-submit@FreeBSD.ORG" <FreeBSD-gnats-submit@FreeBSD.ORG>
Cc:  Subject: RE: bin/6254: ftp client follows NULL pointer
Date: Thu, 9 Apr 1998 15:06:30 -0400

 On Thursday, April 09, 1998 9:58 AM, Timo J. Rinne 
 [SMTP:tri@pooh.tky.hut.fi] wrote:
 > 	ftp my-ftp-server
 >
 > 	Connected to my-ftp-server.
 > 	220 taulu.ssh.fi FTP server (Version 6.00) ready.
 > 	Name (taulu:tri):
 >     *** Control-D here with no username.
 > 	331 Password required for 0I?.
 > 	Password:	
 >
 
 Are you sure you are running 'ftp' (client) *from* a FreeBSD box :-)?  I 
 have seen this happen when running 'ftp' from another system to connect to 
 'ftpd' (server) on a FreeBSD box.
 
 If you start 'ftp' with the '-d' (debug) option, it will show you what 
 commands the client ('ftp') is sending to the server ('ftpd').  On my 
 -STABLE system, 'ftp -d <FreeBSD-box>' does *not* send a 'USER ' command 
 when you enter Control-D at the 'Name (xxx:xxx):' prompt.  On an AT&T 
 system with 'ftp -d <FreeBSD-box>', the Control-D sends "garbage" 
 (unterminated string?) as you described, to 'ftpd' on the FreeBSD machine.
 
 If this is the case, I don't think that the 'ftpd' server on FreeBSD cou  
 ld/should try to verify the user name (feel free to convince me otherwise 
 :-)).  If other clients ('ftp') send 'USER <garbage>', how would we verify 
 user names with non-ascii character sets (i.e. with high bit set)?  (I am 
 by no means an expert when it comes to non-US character sets).
 
 Hope this helps.
 
 Max
 -----
 Max Euston <meuston@jmrodgers.com>
 
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Mon Apr 13 16:37:28 PDT 1998 
State-Changed-Why:  
This has been fixed by in both -stable and -current.  Thanks 
to Max Euston for pointing this out. 
>Unformatted:
