1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1069675: pure-ftpd broken APPE after STOU

    From Federico Sabbatini@21:1/5 to All on Mon Apr 22 16:40:02 2024
    Package: pure-ftpd
    Version: 1.0.50

    When I run a STOU command I can't run an APPE properly. It seems to run a
    STOR instead. Here is an example using Python's ftplib.

    ```python
    #!/usr/bin/env python3
    from ftplib import FTP


    pureftp = FTP('ftphost')
    pureftp.login('username', 'password')
    pureftp.cwd('/www')
    pureftp.set_debuglevel(1)

    # If you comment these two lines it does work
    with open('/etc/passwd', 'rb') as f:
    pureftp.storbinary('STOU', f)


    with open('/etc/passwd', 'rb') as f:
    pureftp.storbinary('STOR test1', f)
    with open('/etc/hosts', 'rb') as f:
    pureftp.storbinary('APPE test1', f)
    a = []
    pureftp.retrbinary('RETR test1', a.append)
    print(len(b''.join(a)))

    pureftp.quit()

    # pure-ftpd logs:
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [cwd] [/www]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [type] [I]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [pasv] []
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [stou] []
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [NOTICE] /ftproot/www/pureftpd.66266b3c.02.0000 uploaded (2638 bytes, 1228.57KB/sec)
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [cwd] [/www]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [type] [I]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [pasv] []
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [stor] [test1]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [NOTICE] /ftproot/www/test1 uploaded (2638 bytes, 1558.52KB/sec)
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [type] [I]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [pasv] []
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [appe] [test1]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [NOTICE] /ftproot/www/test1 uploaded (1124 bytes, 750.19KB/sec)
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [type] [I]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [pasv] []
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [DEBUG]
    Command [retr] [test1]
    # Apr 22 13:50:52 ftphost pure-ftpd: (username@192.168.74.254) [NOTICE] /ftproot/www/test1 downloaded (1124 bytes, 3420.43KB/sec)
    ```

    As you can see from the logs, it uploads 2638 bytes with STOU to a file with
    a random name.
    Then it creates a new file (named test1) with 2368 bytes. Then it appends another 1124 bytes to the same file.
    As you can see from the RETR, the retrieved bytes are only 1124 instead of
    the expected 3762 (it only contains /etc/hosts instead of passwd + hosts).
    It means it interpreted APPE as STOR after a STOU was performed.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)