Package: vsftpd
Version: 3.0.3-12
Hi,
The pasv_address setting in vsftpd does not work if listen_ipv6 is set,
with no clear error message anywhere in the log about what is going on.
This setting is used for ftp servers behind a reverse NAT.
If used while listen_ipv6=YES (as in default sample configuration
shipped), the address specified in pasv_address is ignored, but instead
0.0.0.0 is used, even if the client did indeed connect via IPV4.
Analysis:
at the top of function handle_pasv(), vsftpd does the following:
int is_ipv6 = vsf_sysutil_sockaddr_is_ipv6(p_sess->p_local_addr);
... and then later:
if (!is_ipv6)
{
str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntop(s_p_sockaddr));
}
else
{
const void* p_v4addr = vsf_sysutil_sockaddr_ipv6_v4(s_p_sockaddr);
if (p_v4addr)
{
str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntoa(s_p_sockaddr));
}
else
{
str_append_text(&s_pasv_res_str, "0,0,0,0");
}
}
The first "if" goes into the second branch (address considered as IPv6).
The second "if" tests whether the s_p_sockaddr is indeed IPv6 (which it
is not), and if not falls back to 0,0,0,0
Shouldn't this be a single test?
const void* p_v4addr = vsf_sysutil_sockaddr_ipv6_v4(s_p_sockaddr);
if (p_v4addr)
{
str_append_text(&s_pasv_res_str, vsf_sysutil_inet_ntoa(s_p_sockaddr));
}
else
{
vsf_sysutil_inet_ntop(s_p_sockaddr);
}
... or something similar?
Or if for some reason this is not doable, at least loudly warn in the
log file if this condition occurs (pasv_address used along with
listen_ipv6=YES)
Thanks,
Alain
