Updated to v2.0.7

Changelog

@@ -975,3 +975,20 @@ to require fully valid / authentic client certs. No cert-based auth yet.
 
 At this point: v2.0.6 released!
 ===============================
+
+- Fix finding libcap for the link on Slackware systems, thanks to Roman
+Kravchenko <[email protected]>.
+- Fix build on Solaris 2.8 due to non-standard C, thanks to IIDA Yosiaki
+<[email protected]>.
+- Fix man page typo, thanks Matt Selsky <[email protected]>.
+- Bring the PASV listen() into the bind() retry loop to resolve a race under
+extreme load. Thanks to Curtis Taylor <[email protected]>.
+- Enhance logging for debug_ssl.
+- Shutdown the SSL data connections properly. This prevents clients such as
+recent FileZilla from complaining. Reported by various people.
+- Add option to enforce proper SSL shutdown on uploads. Left it off after much
+agonizing because clients are so broken in this area.
+- Add option to delete failed uploads.
+
+At this point: v2.0.7 released!
+===============================

README

@@ -1,4 +1,4 @@
-This is vsftpd, version 2.0.6
+This is vsftpd, version 2.0.7
 Author: Chris Evans
 Contact: [email protected]
 Website: http://vsftpd.beasts.org/

ftpdataio.c

@@ -51,9 +51,10 @@ static int write_dir_list(struct vsf_session* p_sess,
                           enum EVSFRWTarget target);
 static unsigned int get_chunk_size();
 
-void
+int
 vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)
 {
+  int dispose_ret = 1;
   int retval;
   if (p_sess->data_fd == -1)
   {
@@ -64,7 +65,7 @@ vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)
   vsf_sysutil_uninstall_io_handler();
   if (p_sess->p_data_ssl != 0)
   {
-    ssl_data_close(p_sess);
+    dispose_ret = ssl_data_close(p_sess);
   }
   /* This close() blocks because we set SO_LINGER */
   retval = vsf_sysutil_close_failok(p_sess->data_fd);
@@ -76,6 +77,7 @@ vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess)
   }
   vsf_sysutil_clear_alarm();
   p_sess->data_fd = -1;
+  return dispose_ret;
 }
 
 int

ftpdataio.h

@@ -15,8 +15,11 @@ struct vsf_session;
  * timeout goes off, or the connection is severed).
  * PARAMETERS
  * p_sess       - the current FTP session object
+ * RETURNS
+ * 1 on success, 0 otherwise.
+ * 
  */
-void vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess);
+int vsf_ftpdataio_dispose_transfer_fd(struct vsf_session* p_sess);
 
 /* vsf_ftpdataio_get_pasv_fd()
  * PURPOSE

parseconf.c

@@ -102,6 +102,10 @@ parseconf_bool_array[] =
   { "debug_ssl", &tunable_debug_ssl },
   { "require_cert", &tunable_require_cert },
   { "validate_cert", &tunable_validate_cert },
+  { "strict_ssl_read_eof", &tunable_strict_ssl_read_eof },
+  { "strict_ssl_write_shutdown", &tunable_strict_ssl_write_shutdown },
+  { "ssl_request_cert", &tunable_ssl_request_cert },
+  { "delete_failed_uploads", &tunable_delete_failed_uploads },
   { 0, 0 }
 };
 

postlogin.c

@@ -568,19 +568,22 @@ handle_pasv(struct vsf_session* p_sess, int is_epsv)
     retval = vsf_sysutil_bind(p_sess->pasv_listen_fd, s_p_sockaddr);
     if (!vsf_sysutil_retval_is_error(retval))
     {
-      break;
+      retval = vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
+      if (!vsf_sysutil_retval_is_error(retval))
+      {
+        break;
+      }
     }
     if (vsf_sysutil_get_error() == kVSFSysUtilErrADDRINUSE)
     {
       continue;
     }
-    die("vsf_sysutil_bind");
+    die("vsf_sysutil_bind / listen");
   }
   if (!bind_retries)
   {
     die("vsf_sysutil_bind");
   }
-  vsf_sysutil_listen(p_sess->pasv_listen_fd, 1);
   if (is_epsv)
   {
     str_alloc_text(&s_pasv_res_str, "Entering Extended Passive Mode (|||");
@@ -718,7 +721,10 @@ handle_retr(struct vsf_session* p_sess)
   }
   trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
                                           opened_file, 0, is_ascii);
-  vsf_ftpdataio_dispose_transfer_fd(p_sess);
+  if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+  {
+    trans_ret.retval = -2;
+  }
   p_sess->transfer_size = trans_ret.transferred;
   /* Log _after_ the blocking dispose call, so we get transfer times right */
   if (trans_ret.retval == 0)
@@ -863,7 +869,10 @@ handle_dir_common(struct vsf_session* p_sess, int full_details, int stat_cmd)
   }
   if (!stat_cmd)
   {
-    vsf_ftpdataio_dispose_transfer_fd(p_sess);
+    if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && retval == 0)
+    {
+      retval = -1;
+    }
   }
   if (stat_cmd)
   {
@@ -972,6 +981,8 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
   struct vsf_transfer_ret trans_ret;
   int new_file_fd;
   int remote_fd;
+  int success = 0;
+  int created = 0;
   filesize_t offset = p_sess->restart_pos;
   p_sess->restart_pos = 0;
   if (!data_transfer_checks_ok(p_sess))
@@ -1018,6 +1029,7 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
     vsf_cmdio_write(p_sess, FTP_UPLOADFAIL, "Could not create file.");
     return;
   }
+  created = 1;
   vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);
   if (vsf_sysutil_statbuf_is_regfile(s_p_statbuf))
   {
@@ -1075,11 +1087,14 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
     trans_ret = vsf_ftpdataio_transfer_file(p_sess, remote_fd,
                                             new_file_fd, 1, 0);
   }
-  vsf_ftpdataio_dispose_transfer_fd(p_sess);
+  if (vsf_ftpdataio_dispose_transfer_fd(p_sess) != 1 && trans_ret.retval == 0)
+  {
+    trans_ret.retval = -2;
+  }
   p_sess->transfer_size = trans_ret.transferred;
-  /* XXX - handle failure, delete file? */
   if (trans_ret.retval == 0)
   {
+    success = 1;
     vsf_log_do_log(p_sess, 1);
   }
   if (trans_ret.retval == -1)
@@ -1098,6 +1113,10 @@ handle_upload_common(struct vsf_session* p_sess, int is_append, int is_unique)
 port_pasv_cleanup_out:
   port_cleanup(p_sess);
   pasv_cleanup(p_sess);
+  if (tunable_delete_failed_uploads && created && !success)
+  {
+    str_unlink(p_filename);
+  }
   vsf_sysutil_close(new_file_fd);
 }
 

privops.c

@@ -44,6 +44,7 @@ vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess)
    */
   for (i = 0; i < 2; ++i)
   {
+    double sleep_for;
     vsf_sysutil_sockaddr_clone(&p_sockaddr, p_sess->p_local_addr);
     vsf_sysutil_sockaddr_set_port(p_sockaddr, tunable_ftp_data_port);
     retval = vsf_sysutil_bind(s, p_sockaddr);
@@ -55,7 +56,7 @@ vsf_privop_get_ftp_port_sock(struct vsf_session* p_sess)
     {
       die("vsf_sysutil_bind");
     }
-    double sleep_for = vsf_sysutil_get_random_byte();
+    sleep_for = vsf_sysutil_get_random_byte();
     sleep_for /= 256.0;
     sleep_for += 1.0;
     vsf_sysutil_sleep(sleep_for);

readwrite.c

@@ -51,11 +51,11 @@ ftp_write_str(const struct vsf_session* p_sess, const struct mystr* p_str,
 }
 
 int
-ftp_read_data(const struct vsf_session* p_sess, char* p_buf, unsigned int len)
+ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len)
 {
   if (p_sess->data_use_ssl)
   {
-    return ssl_read(p_sess->p_data_ssl, p_buf, len);
+    return ssl_read(p_sess, p_buf, len);
   }
   else
   {

readwrite.h

@@ -12,8 +12,7 @@ enum EVSFRWTarget
 
 int ftp_write_str(const struct vsf_session* p_sess, const struct mystr* p_str,
                   enum EVSFRWTarget target);
-int ftp_read_data(const struct vsf_session* p_sess, char* p_buf,
-                  unsigned int len);
+int ftp_read_data(struct vsf_session* p_sess, char* p_buf, unsigned int len);
 int ftp_write_data(const struct vsf_session* p_sess, const char* p_buf,
                    unsigned int len);
 void ftp_getline(const struct vsf_session* p_sess, struct mystr* p_str,