forked from lyndon160/vsftpd-backdoor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
BUGS
22 lines (19 loc) · 1.02 KB
/
BUGS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
BUGS
====
This file, surprisingly enough, contains a list of known outstanding bugs
in the program. Bugs that get documented here are typically not particularly
serious, and may never get fixed. Serious bugs will get fixed immediately.
- RFC compliance: if we get no PORT or PASV, looks like we're supposed to
assume a PORT to the same IP as control connection, and port 20.
- RFC compliance: shouldn't include directories in NLST. Note that wu-ftpd
complies here, almost all other FTPd's don't
- ls <existing but unreadable dir> should list nothing, but it lists the
directory name itself
- In ASCII mode, the SIZE command needs to take into account the size of
the file _after_ ASCII linefeed mangling?
- ASCII mode uploads: we're only supposed to remove \r if they preceed \n,
but I rip them out unconditionally.
- Security model: vsf_privop_get_ftp_port_sock() should probably do the
connect() to the remote location itself.
- If someone has one of the timeouts (command, data) setup, but not the other,
then timeout will behave whackily.