#1511 closed defect (fixed)

ftpd: RETR of a directory should fail

Reported by: Sebastian Huber Owned by: Sebastian Huber
Priority: normal Milestone: 4.10
Component: network/legacy Version: 4.10
Severity: normal Keywords:
Cc: Blocked By:


Reported via the mailing list by Arnout Vandecappelle <arnout@…>:

When an FTP client performs a RETR of a directory, ftpd will
blindly open() the directory and send its contents. This results
in a binary blob being sent to the client. Mozilla (among others)
always tries a RETR on a path before listing it; if the RETR doesn't
fail, you'll see the binary contents instead of the directory list.

This patch makes sure that RETR fails if the given path is a

Signed-off-by: Arnout Vandecappelle <arnout@…>


src/cpukit/ftpd/ftpd.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/cpukit/ftpd/ftpd.c b/src/cpukit/ftpd/ftpd.c
index d10aad3..dc84e3a 100644
--- a/src/cpukit/ftpd/ftpd.c
+++ b/src/cpukit/ftpd/ftpd.c
@@ -795,6 +795,7 @@ command_retrieve(FTPD_SessionInfo_t *info, char const

int s = -1;
int fd = -1;
char buf[FTPD_DATASIZE];

+ struct stat stat_buf;

int res = 0;


@@ -809,6 +810,12 @@ command_retrieve(FTPD_SessionInfo_t *info, char const



+ if (fstat(fd, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode))
+ {
+ send_reply(info, 550, "Is a directory.");
+ return;
+ }


s = data_socket(info);

-- tg: (74d876d..) t/ftpd_no_retr_dir (depends on: rtems-4.10pre-cvs)

Attachments (1)

ftpd.patch (771 bytes) - added by Sebastian Huber on May 6, 2010 at 10:25:01 AM.
Fixed patch.

Download all attachments as: .zip

Change History (3)

Changed on May 6, 2010 at 10:25:01 AM by Sebastian Huber

Attachment: ftpd.patch added

Fixed patch.

comment:1 Changed on May 6, 2010 at 10:25:01 AM by Sebastian Huber

Owner: changed from Eric Norum to Sebastian Huber
Status: newassigned

comment:2 Changed on May 7, 2010 at 8:07:44 AM by Sebastian Huber

Resolution: fixed
Status: assignedclosed

Committed to CVS head.

Note: See TracTickets for help on using tickets.