Hi Dave,

   Thank you very much for pointing this out. Fixed AUTH.java.

  You are absolutely right about the RequestHandler class. It has been fixed.

ISsl ssl = fconfig.getSocketFactory().getSSL();

Thanks,
Rana Bhattacharyya



--- Dave Roberts <[EMAIL PROTECTED]> wrote:

> Found a missing return in org.apache.ftpserver.command.AUTH.java.
> Around line 55 there is the following code:-
> 
>         // check SSL configuration
>         IFtpConfig fconfig = handler.getConfig();
>         Log log = fconfig.getLogFactory().getInstance(getClass());
>         if(fconfig.getSocketFactory().getSSL() == null) {
>             out.send(431, "AUTH", null);
>         }
> 
> A return or an else is needed after sending the 431 response,
> otherwise it drops into the rest of the code and gets out of sync.
> 
> Also, following on from that we have:-
> 
>                 handler.createSecureSocket("SSL");
> 
> And in RequestHandler.createSecureSocket() it gets the SSL from the
> DataConnectionConfig.
> 
>         ISsl ssl = m_fconfig.getDataConnectionConfig().getSSL();
> 
> Should this be the normal socket config because we're dealing with
> the Control channel initially?  Otherwise you cannot configure the
> system to only secure the control channel (not that you would want
> to), but it means that in the config you have to set the
> socket-factory.ssl stuff as well as the data-connection.ssl stuff.
> 
> - Dave.
> 


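The missing-return problem reported above, as an added example that is not part of the original thread or of the Apache FtpServer code. ControlChannel, the two handler methods and the 234/331 replies that follow the SSL check are assumptions made for the illustration; it shows how the extra reply makes the client pair a stale reply with its next command.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration: ControlChannel and both handlers are hypothetical
// stand-ins, not the Apache FtpServer classes.
public class AuthFallThroughDemo {

    /** Replies queued on the control channel, in the order the server wrote them. */
    static class ControlChannel {
        final Deque<Integer> wire = new ArrayDeque<>();
        void send(int code) { wire.addLast(code); }
        int readReply() { return wire.removeFirst(); } // client reads one reply per command
    }

    /** Shape of the reported bug: no return after the 431 reply. */
    static void authMissingReturn(Object ssl, ControlChannel out) {
        if (ssl == null) {
            out.send(431);
        }
        out.send(234); // assumed rest of the handler: success reply, then TLS upgrade
    }

    /** Corrected shape: return once the 431 has been sent. */
    static void authWithReturn(Object ssl, ControlChannel out) {
        if (ssl == null) {
            out.send(431);
            return;
        }
        out.send(234);
    }

    /** Client sends AUTH then USER and pairs each command with the next reply read. */
    static int[] session(boolean fixed) {
        ControlChannel ch = new ControlChannel();
        if (fixed) authWithReturn(null, ch); else authMissingReturn(null, ch);
        int authReply = ch.readReply();
        ch.send(331);                   // server's real reply to USER (constructed)
        int userReply = ch.readReply(); // what the client takes as the USER reply
        return new int[] { authReply, userReply };
    }

    public static void main(String[] args) {
        int[] buggy = session(false);
        int[] fixed = session(true);
        System.out.println("missing return: AUTH->" + buggy[0] + ", USER->" + buggy[1]);
        System.out.println("with return:    AUTH->" + fixed[0] + ", USER->" + fixed[1]);
    }
}
```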