[PATCH] ftpd: RETR of a directory should fail

[Arnout Vandecappelle]

When an FTP client performs a RETR of a directory, ftpd will
blindly open() the directory and send its contents.  This results
in a binary blob being sent to the client.  Mozilla (among others)
always tries a RETR on a path before listing it; if the RETR doesn't
fail, you'll see the binary contents instead of the directory list.

This patch makes sure that RETR fails if the given path is a
directory.

Signed-off-by: Arnout Vandecappelle <arnout at mind.be>

---
 src/cpukit/ftpd/ftpd.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/cpukit/ftpd/ftpd.c b/src/cpukit/ftpd/ftpd.c
index d10aad3..dc84e3a 100644
--- a/src/cpukit/ftpd/ftpd.c
+++ b/src/cpukit/ftpd/ftpd.c
@@ -795,6 +795,7 @@ command_retrieve(FTPD_SessionInfo_t  *info, char const 
*filename)
   int                 s = -1;
   int                 fd = -1;
   char                buf[FTPD_DATASIZE];
+  struct stat         stat_buf;
   int                 res = 0;
 
   if(!can_read())
@@ -809,6 +810,12 @@ command_retrieve(FTPD_SessionInfo_t  *info, char const 
*filename)
     return;
   }
 
+  if (fstat(fd, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode))
+  {
+    send_reply(info, 550, "Is a directory.");
+    return;
+  }
+
   send_mode_reply(info);
 
   s = data_socket(info);
-- 
tg: (74d876d..) t/ftpd_no_retr_dir (depends on: rtems-4.10pre-cvs)

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  31BB CF53 8660 6F88 345D  54CC A836 5879 20D7 CF43