cURL / Mailing Lists / curl-library / Single Mail

curl-library

Issue with FTP CCC command

From: Mehmet Bozkurt <mehmet.bozkurt_at_xware.se>
Date: Thu, 14 Apr 2011 17:51:44 +0200

Hello!

I've run into an issue with the CCC command. I've configured libcurl to
issue it after the TLS/SSL handshake is done. However, this causes an
'Access violation' in the libcurl library. I've tried a similar scenario
using curl.exe and the same crash occurs.

I'm running libcurl 7.21.1. Has anyone else seen this?

I've done some debugging and it seems that after Curl_ossl_shutdown
(ssluse.c) is run, the following "PWD" command is sent over the SSL
socket, which has been closed, instead of the 'plain' socket.

In Curl_write (sendf.c) there is a selection of which method to use to
write the "PWD" command:

...
int num = (sockfd == conn->sock[SECONDARYSOCKET]);
bytes_written = conn->send[num](conn, num, mem, len, &curlcode);
...
Here num becomes 0 and the conn->send[num].... call ends up in
SSL_write, with an invalid SSL handle, which in turn causes a crash.

I downloaded curl.exe 7.21.4 and tried; crash here as well.
My command line:
>curl -k --ftp-ssl --ftp-ssl-ccc -T file.txt -u user:pass
ftp://192.168.34.132:8990/updir/

Verbose:
* Connected to 192.168.34.132 (192.168.34.132) port 8990 (#0)
< 220 Titan FTP Server 8.32.1242 Ready.
> AUTH SSL
< 234 Security data exchange complete.
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using RC4-MD5
* Server certificate:
......
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
> USER user
   0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0< 331 User name okay,
need password.
> PASS pass
< 230-Welcome ftpclientcase001 from 192.168.34.130. You are now logged
in to the server.
< 230 User logged in, proceed.
> PBSZ 0
< 200 Command OK. PBSZ=0
> PROT P
< 200 Encrypting Data Channel.
> CCC
< 200 Command OK.
* SSLv3, TLS alert, Client hello (1):
{ [data not shown]

Best regards,
Mehmet
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-04-14