Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:55378
Return-Path: <abrender@elitehosts.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 96194 invoked from network); 12 Sep 2011 05:00:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Sep 2011 05:00:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=abrender@elitehosts.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=abrender@elitehosts.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain elitehosts.com from 209.67.29.110 cause and error)
X-PHP-List-Original-Sender: abrender@elitehosts.com
X-Host-Fingerprint: 209.67.29.110 webmail.elitehosts.com  
Received: from [209.67.29.110] ([209.67.29.110:36527] helo=ezri.elitehosts.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F8/70-26895-8E19D6E4 for <internals@lists.php.net>; Mon, 12 Sep 2011 01:00:25 -0400
Received: from al.secure.elitehosts.com ([209.67.23.117] helo=[192.168.40.6])
	by ezri.elitehosts.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.72)
	(envelope-from <abrender@elitehosts.com>)
	id 1R2yd3-0007yC-Ad
	for internals@lists.php.net; Mon, 12 Sep 2011 01:00:21 -0400
Message-ID: <4E6D91E5.9020900@elitehosts.com>
Date: Mon, 12 Sep 2011 01:00:21 -0400
Organization: Elite Hosts
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Thunderbird/3.1.13
MIME-Version: 1.0
To: internals@lists.php.net
References: <4E6B9466.6060608@elitehosts.com> <CABBJUpcPqMtjhjBiaDU=TaOOqCM6o0sdjDgjkJ0BDi_dmnP5jQ@mail.gmail.com> <CAEZPtU4_KBWd=82-svSeNH+-U=xGiLLhXTc52HT9=Sy2dunnYA@mail.gmail.com> <4E6D1340.6010408@elitehosts.com> <CAEZPtU6k_-9cEeGvnDzVcBP0xZ68aptUMhEqfc=CPJqsxt8p8Q@mail.gmail.com> <4E6D5263.60509@elitehosts.com> <CABBJUpcm6pnA3FbRz1_446ioruyq12jSpERWOG-GOgBi=16H1g@mail.gmail.com> <CABBJUpc4p8A0i7C7t6RKw+sEcirTArHPZ3JrjDfC+Kyz=J2DQg@mail.gmail.com>
In-Reply-To: <CABBJUpc4p8A0i7C7t6RKw+sEcirTArHPZ3JrjDfC+Kyz=J2DQg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [PATCH]#55651
From: abrender@elitehosts.com (Avi Brender)

I definitely agree that the problem is with a mis-configured FTP server 
returning a private RFC1918 IP address. That would happen if the FTP 
server was on a server behind a NAT gateway and the server only knew 
about it's local RFC1918 IP address and not it's internet-routable IP 
address. However, every other FTP client (including firezilla, wget and 
the CURL module in PHP) has no problem automatically detecting this and 
connecting to the IP address specified when connecting and not the one 
returned by the server in response to PASV. The FTP_USEPASVADDRESS 
setting would in fact cause the ftp extension to ignore the IP address 
returned by the server, however the default setting to that setting is 
TRUE which means that any existing code or future code using the ftp 
module will behave exactly as it does now. However, manually setting 
this setting to FALSE will help developers get around misconfigured FTP 
servers as virtually all other FTP clients (including php's curl 
extension) do. I found the need for this patch while debugging a script 
that our customer was running that was trying to connect to an FTP 
server in their office (described at 
http://www.elitehosts.com/blog/php-ftp-passive-ftp-server-behind-nat-nightmare/) 
so I believe that there is a real-world use case for this patch.

Yes, we're possibly allowing users to violate the protocol in order to 
successfully communicate with the FTP server, but only if they knowingly 
and explicitely set the variable FTP_USEPASVADDRESS to false, in which 
case it is safe to assume that the developer is doing it for a reason.


Avi Brender
Elite Hosts, Inc
www.elitehosts.com

------------------------------------------------
WARNING !!! This email message is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information. 
Any unauthorized review; use, disclosure or distribution is prohibited, 
and could result in criminal prosecution. If you are not the intended 
recipient, please contact the sender by reply email and destroy all 
copies of the original message. This message is private and is 
considered a confidential exchange - public disclosure of this 
electronic message or its contents are prohibited.

On 09/12/2011 12:45 AM, Laruence wrote:
> hmm, after deep looking,  I found maybe this behavior(cann't connect
> to NAT server when use pasv mode) is "as expected",
> since this is not php ftp-ext issue, but a ftp server configure issue,
>
> that is,  if we apply this patch, will make the php ftp-ext not a
> standard ftp protocl executor.
>
>
> thanks
>
> 2011/9/12 Laruence<laruence@php.net>:
>> 2011/9/12 Avi Brender<abrender@elitehosts.com>:
>>> Hi,
>>>
>>> Please see if the attached patch better addresses your concerns.
>>>
>>> Regarding the variable name, the PHP_FTP_OPT_USEPASVADDRESS is only internal
>>> and is modeled after the other variables PHP_FTP_TIMEOUT_SEC and
>>> PHP_FTP_OPT_AUTOSEEK. The variable actually passed to the ftp_set_option()
>>> function by users is FTP_USEPASVADDRESS as defined in php_ftp.c which is
>>> inline with the other variables FTP_AUTORESUME, FTP_TIMEOUT_SEC,
>>> FTP_AUTOSEEK etc.
>>>
>>> In terms of tests, what type of tests were you thinking of? We can't ensure
>>> that ftp->pasvaddr is set properly in response to a PASV command unless
>> actually I think it can,  plz refer to the existing test config script
>> "server.inc" under the ftp/tests/,
>> and maybe you can simulate a test environ?
>>
>> and thanks for your work on PHP
>>> there's a way to expose those internal variables to the test - I'm not
>>> familiar enough with the internal PHP code to know if that's possible. If
>>> you're referring to tests that ensure that 1/0 true/false values passed to
>>> ftp_set_option() work properly then I've attached a test file for that.
>>>
>>> I don't want to clutter the bugzilla ticket with many attachments  so once
>>> the patch is approved I will post the final version in the ticket if that's
>>> okay.
>>>
>>> All the best,
>>>
>>> Avi Brender
>>> Elite Hosts, Inc
>>> www.elitehosts.com
>>> ------------------------------------------------
>>> WARNING !!! This email message is for the sole use of the intended
>>> recipient(s) and may contain confidential and privileged information. Any
>>> unauthorized review; use, disclosure or distribution is prohibited, and
>>> could result in criminal prosecution. If you are not the intended recipient,
>>> please contact the sender by reply email and destroy all copies of the
>>> original message. This message is private and is considered a confidential
>>> exchange - public disclosure of this electronic message or its contents are
>>> prohibited.
>>>
>>>
>>> On 09/11/2011 04:24 PM, Pierre Joye wrote:
>>>> hi!
>>>>
>>>> Please upload the patch in the bug tracker as well.
>>>>
>>>> It would be also better to use a more verbose name.
>>>> FTP_OPT_USEPASVADDRESS is somehow cryptic.
>>>>
>>>> Laruence's comment is still valid, the zval should be converted if it
>>>> is not int or bool.
>>>>
>>>> Btw, could you test cases as well please?
>>>>
>>>> Cheers,
>>>>
>>>> On Sun, Sep 11, 2011 at 10:00 PM, Avi Brender<abrender@elitehosts.com>
>>>>   wrote:
>>>>> Hi,
>>>>>
>>>>> I've updated the patch - please see attached.
>>>>>
>>>>> Avi Brender
>>>>> Elite Hosts, Inc
>>>>> www.elitehosts.com
>>>>> ------------------------------------------------
>>>>> WARNING !!! This email message is for the sole use of the intended
>>>>> recipient(s) and may contain confidential and privileged information. Any
>>>>> unauthorized review; use, disclosure or distribution is prohibited, and
>>>>> could result in criminal prosecution. If you are not the intended
>>>>> recipient,
>>>>> please contact the sender by reply email and destroy all copies of the
>>>>> original message. This message is private and is considered a
>>>>> confidential
>>>>> exchange - public disclosure of this electronic message or its contents
>>>>> are
>>>>> prohibited.
>>>>>
>>>>> On 09/11/2011 10:53 AM, Pierre Joye wrote:
>>>>>> hi,
>>>>>>
>>>>>> A simple test if it is IS_BOOL or IS_LONG should be enough, both types
>>>>>> use the the long value (convert_to_boolean_ex is slow and duplicate
>>>>>> the zval while it is not necessary). Then test>    0 instead of simply
>>>>>> assigning the value.
>>>>>>
>>>>>> On Sun, Sep 11, 2011 at 5:59 AM, Laruence<laruence@php.net>    wrote:
>>>>>>> Hi:
>>>>>>>     after a quick look,  I have one suggestion,
>>>>>>>     if the (Z_TYPE_P(z_value) != IS_BOOL), you should call
>>>>>>> convert_to_boolean_ex to convert it to a boolean
>>>>>>>     otherwise, people can not use a interge 1 as a true flag.
>>>>>>>
>>>>>>>     thanks
>>>>>>>
>>>>>>> 2011/9/11 Avi Brender<abrender@elitehosts.com>:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I've submitted bug #55651 along with a patch to implement a fix (also
>>>>>>>> attached) for the passive FTP mode issue. I was hoping that someone
>>>>>>>> could
>>>>>>>> review the bug report and consider the patch for inclusion in future
>>>>>>>> PHP
>>>>>>>> releases.
>>>>>>>>
>>>>>>>> Thanks so much!
>>>>>>>>
>>>>>>>> Avi Brender
>>>>>>>> Elite Hosts, Inc
>>>>>>>> www.elitehosts.com
>>>>>>>>
>>>>>>>> --
>>>>>>>> PHP Internals - PHP Runtime Development Mailing List
>>>>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Laruence  Xinchen Hui
>>>>>>> http://www.laruence.com/
>>>>>>>
>>>>>>> --
>>>>>>> PHP Internals - PHP Runtime Development Mailing List
>>>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>>>
>>>>>>>
>>>>>>
>>>>> --
>>>>> PHP Internals - PHP Runtime Development Mailing List
>>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>>
>>>>
>>> --
>>> PHP Internals - PHP Runtime Development Mailing List
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>
>>
>> --
>> Laruence  Xinchen Hui
>> http://www.laruence.com/
>>
>
>