Re: Multi format string bugs in IPAD x.x ftp server

[John Edwards <isplist () PINNACLE NET AU>]

Eric Fitzgerald wrote:
> If I'm reading this correct.  This appears to be format string bugs in your
> FTP client.  Not in the server (notice the seg fault took you too your
> prompt)

> > Connected to xxx.xxx.xxx.xxx.
> > 220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready
<snip>
> > ftp> site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
> > Segmentation fault
> > [diab@epuj diab]$

Eric is right. I tested an IPAD 2.52 system with a linux ftp client and
saw the same results. When using the FreeBSD default ftp client I got
these results:

220 xxx.xxx.xxx.xxx FTP server (IPAD 2.52) ready at Wed Feb 21 09:18:41
2001
Name (xxx:xxx): anonymous
331 Anonymous logins ok. Please enter your e-mail address as password.
Password:
230 User anonymous logged in.
Remote system type is MSDOS.
ftp> site %x%x%x%x%x%x%x%x%x%x%x
500 Unknown command 'site %x%x%x%x%x%x%x%x%x%x%x'
ftp> site %s%s%s%s%s%s%s%s%s%s%s%s%s%s
500 Unknown command 'site %s%s%s%s%s%s%s%s%s%s%s%s%s%s'
ftp> site %p%p
500 Unknown command 'site %p%p'
ftp> site %c%c%c%c
500 Unknown command 'site %c%c%c%c'

For those who don't know what an IPAD is, it's an all-in-one internet
server made by eSoft that runs on MS-DOS. It has a badly non-compliant
DNS server that can't receive replies bigger than 512 bytes, can't set
the aa flag on NS records, and refuses to resolve any host with IPv6
information in it's dns reply.

John Edwards