Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libunftp accepts successive PASS commands #361

Closed
robklg opened this issue Jun 2, 2021 · 1 comment
Closed

libunftp accepts successive PASS commands #361

robklg opened this issue Jun 2, 2021 · 1 comment
Assignees
@robklg
Labels
bug Something isn't working

Comments

@robklg
Copy link
Contributor

robklg commented Jun 2, 2021

This is not in accordance with RFC 959:

    PASSWORD (PASS)

       The argument field is a Telnet string specifying the user's
       password.  This command must be immediately preceded by the
       user name command, and, for some sites, completes the user's
       identification for access control.  Since password
       information is quite sensitive, it is desirable in general
       to "mask" it or suppress typeout.  It appears that the
       server has no foolproof way to achieve this.  It is
       therefore the responsibility of the user-FTP process to hide
       the sensitive password information.

("This command must be immediately preceded by the user name command")
@robklg robklg added the bug Something isn't working label Jun 2, 2021
@robklg robklg self-assigned this Jun 2, 2021
robklg added a commit that referenced this issue Jun 4, 2021
@robklg
Fix for #361 don't allow consecutive PASS commands
96f5809
robklg added a commit that referenced this issue Jun 4, 2021
@robklg
Fix for #361 don't allow consecutive PASS commands
f623d96
robklg added a commit that referenced this issue Jun 18, 2021
@robklg
Fix for #361 don't allow consecutive PASS commands
cf7e324
robklg added a commit that referenced this issue Jun 18, 2021
@robklg
Fix for #361 don't allow consecutive PASS commands (#367)
44b8c8e
@hannesdejager
Copy link
Collaborator

Fix available in v0.18.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robklg robklg

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hannesdejager @robklg