Dear all,

in "ftp/cmds.c" the functions domap() and cp_subst() are causing infinite loops and segmentation faults, even segmentation faults during later use of history scrolling.

The legacy clients "ftp" in FreeBSD and OpenSolaris are correctly handling the cases below, so it is the modification of domap() calls and implementation for GNU Inetutils that compromises the code.

An infinite loop arises from this

    ftp> cd /etc
    ftp> lcd /tmp
    ftp> nmap $1.$2 $1.[$2,txt]
    ftp> get motd

It is text content in a chooser bracket that causes looping.

For segmentation faults I have this surprising case

    ftp> cd /etc
    ftp> lcd /tmp
    ftp> nmap $1.$2 $1.$2
    ftp> get resolv.conf
    *** segmentation fault with Glibc ***

Observe that I specified an identity mapping. This and the next case abort with segmentation faults on GNU/Linux, but pass on OpenSolaris without abortion. It is certainly related to the following misnaming

    ftp> nmap $1.$2 $2.$1.new
    ftp> cd /etc
    ftp> lcd /tmp
    ftp> get resolv.conf
    local: conf.v.conf remote: resolv.conf
    ftp> get motd
    local: .motd.new remote: motd

which shows that the parser backsubstitutes the name as "conf.v.conf" instead of the expected "conf.resolv.new". This misnaming appears on OpenSolaris, but as said, results in a segmentation fault on GNU/Linux. Thus it is writing into existing strings instead of allocating new room.

I just pushed some small code audit changes, but the errors cited above need more scrutiny before I commit anything. Can someone find more test cases for other error conditions?

Regards,
Mats E A
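
A reference model for generating expected results for the cases reported above, added here as an example; it is not code from GNU Inetutils or from the author of the message. It expands the out-pattern into a freshly allocated, bounds-checked buffer and never writes into the original name. Assumptions: the names nmap_apply, tok_t, out_t and NMAP_MAX are hypothetical, backslash escapes and nested choosers in a skipped seq2 are not handled, and an unmatched literal in the in-pattern is simply skipped.

```c
#include <stdlib.h>
#include <string.h>

#define NMAP_MAX 1024                 /* constructed output limit for this example */
typedef struct { const char *p; size_t n; } tok_t;  /* slice of the name, read-only */
typedef struct { char *buf; size_t len, cap; int err; } out_t;

/* Bounded append: flags an error instead of writing past cap. */
static void put(out_t *o, const char *s, size_t n) {
    if (o->err || o->len + n >= o->cap) { o->err = 1; return; }
    if (n) memcpy(o->buf + o->len, s, n);
    o->len += n;
}

/* Expand the out-pattern until a char in `stop`; every branch advances p,
   so literal text inside a chooser cannot cause a loop. */
static const char *expand(const char *p, const char *stop, const tok_t *t, out_t *o) {
    while (*p && !strchr(stop, *p)) {
        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            put(o, t[p[1] - '0'].p, t[p[1] - '0'].n);
            p += 2;
        } else if (*p == '[') {                     /* chooser [seq1,seq2] */
            size_t mark = o->len;
            p = expand(p + 1, ",]", t, o);          /* try seq1 */
            if (*p == ',')
                p = (o->len == mark) ? expand(p + 1, "]", t, o) /* seq1 empty: seq2 */
                                     : p + strcspn(p, "]");      /* seq1 used: skip seq2 */
            if (*p == ']') p++;
        } else put(o, p++, 1);                      /* literal character */
    }
    return p;
}

/* Returns a newly allocated mapped name (caller frees), NULL on overflow or OOM. */
char *nmap_apply(const char *in, const char *outp, const char *name) {
    tok_t t[10] = { { name, strlen(name) } };       /* $0 is the whole name */
    const char *s = name;
    out_t o = { calloc(1, NMAP_MAX), 0, NMAP_MAX, 0 };
    while (*in) {
        if (in[0] == '$' && in[1] >= '1' && in[1] <= '9') {
            char stop[2] = { in[2], '\0' };         /* token ends at next pattern literal */
            t[in[1] - '0'] = (tok_t){ s, strcspn(s, stop) };
            s += t[in[1] - '0'].n; in += 2;
        } else { if (*s == *in) s++; in++; }
    }
    if (o.buf) expand(outp, "", t, &o);
    if (!o.buf || o.err) { free(o.buf); return NULL; }
    return o.buf;
}
```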
