
Bug Reports Report bugs here. (non-beta releases only)

 
 
Old 08-18-2003, 03:01 AM   #1
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6
Proxy/TLS bug in latest -- 2.1 (924)

I have found a bug with the handling of proxy/tls listings in flash. It doesn't seem to handle list connections (I haven't checked download/upload/fxp connections) over ssl with a proxy.

Flash connects fine over ssl/tls with a proxy; however, when the ftp server option "Secure File Listing" is selected it does not work as it should. I believe it initiates the tlsneg() on the wrong ip, on the proxy ip instead of the ip given from the pasv command. For example (in this test I am using proxy server type 12. USER ftp-user@ftp-host:ftp-port):

PWD
257 "/" is current directory.
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (*,*,*,*,182,189)
LIST -al
Negotiating SSL/TLS session...
150 Opening ASCII mode data connection for directory listing.

At this point it is supposed to open a socket to *.*.*.* on port 46781, but it doesn't. I think it accidentally tries to open the socket on the actual proxy server on that port, instead of using the real server's ip from the pasv command. I have tested this with various ftps and executed the session manually over a socket with tcl and have come to the conclusion it is not the ftpd or proxy that doesn't support it, but that flash is simply not opening the session to the right ip. I do suspect though the same problem probably exists with download/upload transfer but I have not confirmed that.

Please advise... I have read over ftp://ftp.isi.edu/internet-drafts/dr...ftp-ssl-11.txt thoroughly and have no other explanation as to why it is not working other than flash is initiating the tls negotiation on the wrong ip address.
Old 08-18-2003, 04:47 AM   #2
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6
update

I did netstat while it was trying to negotiate the tls/ssl session ... it does use the correct server's ip and port, so there must be something else wrong that I can't guess what is... I have tested it without the proxy and flashfxp can list fine over ssl with the ftp I'm testing it with, but over a proxy it has trouble listing, which should not make a difference since the client connects to the server with the given pasv response and not the other way around -- please advise! =\
Old 08-18-2003, 04:51 AM   #3
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6

I have issued the commands manually over the proxy up to the list -al and have opened up the socket on my computer locally for the list and initiated the handshake myself manually and it works fine ... so I can come up with no reason why it does not work in flash =\
Old 08-18-2003, 05:24 AM   #4
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6

Yet another update, this shows that it is using the wrong ip when connected to the proxy; in this example I'm running the proxy locally... I'll post the entire session... though in this case, however, it used the wrong ip because it didn't issue PBSZ before the PROT command and so it used the proxy ip...

[06:16:38] Connecting to ftp.runestig.com via Proxy (127.0.0.1:49999)
[06:16:38] Ident Server: Unable to listen on port 113
[06:16:38] 220 440 880 1760 3520 7040 14080 28160 56320 112640 225280 450560 901120 1802240
[06:16:38] USER phrek
[06:16:38] 331 662 1324 2648 5296 10592 21184 42368 84736 169472 338944 677888 1355776
[06:16:38] PASS (hidden)
[06:16:38] 230 460 920 1840 3680 7360 14720 29440 58880 117760 235520 471040 942080 1884160
[06:16:38] USER anonymous@ftp.runestig.com
[06:16:45] 331 Guest login ok, send your email address as password.
[06:16:45] PASS (hidden)
[06:16:45] 240 Proxy Login Successful
[06:16:45] SYST
[06:16:45] 230 Guest login ok, access restrictions apply.
[06:16:45] REST 100
[06:16:46] 215 UNIX Type: L8
[06:16:46] This site may not allow file resuming
[06:16:46] PWD
[06:16:46] 350 Restarting at 579844224459997284.
[06:16:46] TYPE A
[06:16:46] 257 "/" is current directory.
[06:16:46] PROT P
[06:16:47] 200 Type set to A.
[06:16:47] PASV
[06:16:47] 503 You must issue the PBSZ command prior to PROT
[06:16:47] PORT 127,0,0,1,10,50
[06:16:47] 227 Entering Passive Mode (62,108,199,166,233,51)
[06:16:48] 500 Illegal PORT rejected (address wrong).
[06:17:20] QUIT
[06:17:20] Logged off: ftp.runestig.com
Old 08-18-2003, 05:49 AM   #5
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6

Anyway, to demonstrate what I was saying before, that it doesn't work over proxy ... even if you issue the pbsz command first ... I manually entered it first and then listed and it hung just like on the other sites through the proxy.... i.e. this..

[06:40:40] Logged off: ftp.runestig.com
[06:40:47] Connecting to ftp.runestig.com via Proxy (127.0.0.1:49999)
[06:40:47] Ident Server: Unable to listen on port 113
[06:40:47] 220 440 880 1760 3520 7040 14080 28160 56320 112640 225280 450560 901120 1802240
[06:40:47] USER phrek
[06:40:47] 331 662 1324 2648 5296 10592 21184 42368 84736 169472 338944 677888 1355776
[06:40:47] PASS (hidden)
[06:40:47] 230 460 920 1840 3680 7360 14720 29440 58880 117760 235520 471040 942080 1884160
[06:40:47] USER anonymous@ftp.runestig.com
[06:40:51] 331 Guest login ok, send your email address as password.
[06:40:51] PASS (hidden)
[06:40:51] 240 Proxy Login Successful
[06:40:51] SYST
[06:40:52] 230 Guest login ok, access restrictions apply.
[06:40:52] REST 100
[06:40:52] 215 UNIX Type: L8
[06:40:52] This site may not allow file resuming
[06:40:52] CWD /
[06:40:52] 350 Restarting at 579844224459997284.
[06:40:52] PWD
[06:40:53] 250 CWD command successful.
[06:40:53] 257 "/" is current directory.
[06:40:53] PWD
[06:40:54] 257 "/" is current directory.
[06:40:54] List (cached)
[06:40:54] List Complete.
[06:40:57] PBSZ 1
[06:40:58] 200 PBSZ=0 successful
[06:40:58] TYPE A
[06:40:59] 200 Type set to A.
[06:40:59] PROT P
[06:41:00] 200 Protection set to Private
[06:41:00] PASV
[06:41:01] 227 Entering Passive Mode (62,108,199,166,233,144)
[06:41:01] LIST -al
[06:41:01] Negotiating SSL/TLS session...
[06:41:02] 150 Opening ASCII mode data connection for '/bin/ls'.
[06:43:21] QUIT
[06:43:21] Logged off: ftp.runestig.com

When it got to [06:41:02] 150 Opening ASCII mode data connection for '/bin/ls'. it just hung there.. I checked netstat and it was trying to connect to the right ip and port for list but it just wasn't working .... please advise =\
Old 08-18-2003, 05:57 AM   #6
phrek
Junior Member
 
Join Date: Aug 2003
Posts: 6

In case you don't think it works on that site (it does), I did it in tcl with sockets using the tls1.4 package:

(bin) 145 % set sock [tls::socket arthur.runestig.com 21]
sock556
(bin) 146 % proc bahga {sock} {
> if {[eof $sock] || [catch {gets $sock line}]} {
> close $sock
> } else {
> puts $line
> }
> }
(bin) 147 % fconfigure $sock -buffering line
(bin) 148 % fileevent $sock readable [list bahga $sock]
(bin) 149 % set sock [socket arthur.runestig.com 21]
sock608
(bin) 150 % proc bahga {sock} {
> if {[eof $sock] || [catch {gets $sock line}]} {
> close $sock
> } else {
> puts $line
> }
> }
(bin) 151 % fconfigure $sock -buffering line
(bin) 152 % fileevent $sock readable [list bahga $sock]
220 arthur.runestig.com FTP server (Version 6.5/OpenBSD TLS) ready.
(bin) 153 % puts $sock "AUTH TLS"
234 AUTH TLS successful
(bin) 154 % tls::import $sock -require false -tls1 true
sock608
(bin) 155 % tls::handshake $sock
1
(bin) 156 % puts $sock "USER anonymous"
331 Guest login ok, send your email address as password.

(bin) 157 % puts $sock "PASS anonymous"
230 Guest login ok, access restrictions apply.

(bin) 159 % puts "PBSZ 1"
PBSZ 1
(bin) 160 % puts $sock "PBSZ 1"
200 PBSZ=0 successful

(bin) 161 % puts $sock "PROT P"
200 Protection set to Private

(bin) 162 % puts $sock "PASV"
(bin) 163 % 227 Entering Passive Mode (62,108,199,166,233,155)


(bin) 163 % 8216 233,155
59803
(bin) 164 % set sock2 [socket 62.108.199.166 59803]
sock612
(bin) 165 % fconfigure $sock2 -buffering line
(bin) 166 %
(bin) 166 % proc bahg2 {sock} {
> if {[eof $sock] || [catch {gets $sock line}]} {
> close $sock
> } else {
> puts stdout $line
> }
> }
(bin) 167 %
(bin) 167 % fileevent $sock2 readable [list bahg2 $sock2]
(bin) 168 % puts $sock "LIST"
(bin) 169 % 150 Opening ASCII mode data connection for '/bin/ls'.


(bin) 169 % tls::import $sock2 -require false -tls1 true
sock612
(bin) 170 % tls::handshake $sock2
1
226 Transfer complete.

total 8

dr-xr-xr-x 2 root root 40 Aug 6 1999 bin

dr-xr-xr-x 2 root root 31 Jan 9 2002 etc

dr-xr-xr-x 2 root root 132 Nov 24 2001 lib

dr-xrwxr-x 15 ftp 669 4096 May 16 13:04 pub
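The checks phrek works through in posts #1 to #6 (PBSZ accepted before PROT, data port computed from the 227 reply, the data socket compared with what netstat shows) can be written as a small script. This is an added example, not part of any post in the thread and not FlashFXP code; the function names, the (command, reply) session format and the sample session are assumptions, constructed from the replies quoted above.

```python
import re

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from '227 ... (h1,h2,h3,h4,p1,p2)'; port = p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a usable 227 reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range: %r" % reply)
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def audit(session, proxy_ip, observed):
    """session: ordered (command, reply) pairs from the control channel.
    observed: (ip, port) the client's data socket was seen connecting to.
    Returns a list of findings; an empty list means the setup looks correct."""
    findings, pbsz_ok, prot, target = [], False, "C", None
    for cmd, reply in session:
        verb, _, arg = cmd.partition(" ")
        verb, ok = verb.upper(), reply[:1] == "2"
        if verb == "PBSZ" and ok:
            pbsz_ok = True
        elif verb == "PROT":
            if not pbsz_ok:
                findings.append("PROT sent before a successful PBSZ")
            if ok:
                prot = arg.strip().upper()
        elif verb == "PASV":
            target = parse_pasv(reply) if ok else None
        elif verb in ("LIST", "RETR", "STOR"):
            if target is None:
                findings.append("%s without a usable PASV reply" % verb)
            elif observed != target:
                where = "the proxy" if observed[0] == proxy_ip else "%s:%d" % observed
                findings.append("data socket went to %s, expected %s:%d" % ((where,) + target))
            if prot != "P":
                findings.append("%s data channel is not TLS-protected (PROT %s)" % (verb, prot))
            target = None  # a PASV endpoint is good for one transfer only
    return findings

# Constructed sample built from the replies quoted in the thread (not a capture).
SAMPLE = [("PBSZ 1", "200 PBSZ=0 successful"),
          ("PROT P", "200 Protection set to Private"),
          ("PASV", "227 Entering Passive Mode (62,108,199,166,233,155)"),
          ("LIST", "150 Opening ASCII mode data connection for '/bin/ls'.")]
```
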
Old 09-03-2003, 09:54 PM   #7
Chrysalis
Senior Member
FlashFXP Beta Tester
 
Join Date: Apr 2002
Posts: 136

phrek, where did you get build 924 from, or is it another shareware-only rls?
Old 09-04-2003, 09:40 AM   #8
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881

Quote:
Originally posted by Chrysalis
phrek, where did you get build 924 from, or is it another shareware-only rls?
difference in builds 922-924 affects only unregistered users, that's why it's not posted on liveupdate.
Old 09-04-2003, 11:30 AM   #9
Chrysalis
Senior Member
FlashFXP Beta Tester
 
Join Date: Apr 2002
Posts: 136

Where is it posted then?
Old 09-04-2003, 05:48 PM   #10
MxxCon
Super Duper
FlashFXP Beta Tester
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881

Quote:
Originally posted by Chrysalis
Where is it posted then?
main download page
Old 09-04-2003, 07:33 PM   #11
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
 
Join Date: Oct 2001
Posts: 8,012

I am aware of this bug; I have prefixed this thread with {?} to denote this. I will post to the thread when I have new information or have resolved the problem.
Old 09-28-2003, 12:24 PM   #12
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
 
Join Date: Oct 2001
Posts: 8,012

I believe I have isolated the problem.

I'll be publishing a public beta release in a week or two here on the message board. (This release will contain other changes/fixes as well)
 
