diff options
author | Ville Hukkamaki <ville@fihells01.fi.dhl.com> | 2016-08-05 16:09:13 +0300 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2016-08-05 22:56:54 +0200 |
commit | 65056e9d6c74adef89332080b5458fd4850fb3b7 (patch) | |
tree | 33ddf7bb44cb44a75f94e870c85ad82fc16146ca /ext | |
parent | a8515a339d227ace5d5bad40b2a6e6cbe096d894 (diff) | |
download | php-git-65056e9d6c74adef89332080b5458fd4850fb3b7.tar.gz |
Fix #72764
Negotiate data channel encryption after NLST command.
This is to prevent issues with IIS and ProFTPD.
Diffstat (limited to 'ext')
-rw-r--r-- | ext/ftp/tests/server.inc | 8 | ||||
-rw-r--r-- | ext/standard/ftp_fopen_wrapper.c | 22 |
2 files changed, 15 insertions, 15 deletions
diff --git a/ext/ftp/tests/server.inc b/ext/ftp/tests/server.inc index e2a74029bf..5629c2e312 100644 --- a/ext/ftp/tests/server.inc +++ b/ext/ftp/tests/server.inc @@ -288,6 +288,10 @@ if ($pid) { } + if ((!empty($ssl)) && (!stream_socket_enable_crypto($pasvs, true, STREAM_CRYPTO_METHOD_SSLv23_SERVER))) { + die("SSLv23 handshake failed.\n"); + } + if (empty($m[1]) || $m[1] !== 'emptydir') { fputs($fs, "file1\r\nfile1\r\nfile\nb0rk\r\n"); } @@ -403,10 +407,6 @@ if ($pid) { $pasvs = stream_socket_accept($soc,10); - if ((!empty($ssl)) && (!stream_socket_enable_crypto($pasvs, true, STREAM_CRYPTO_METHOD_SSLv23_SERVER))) { - die("SSLv23 handshake failed.\n"); - } - }elseif (preg_match('/^EPSV/', $buf, $matches)) { fputs($s, "550 Extended passsive mode not supported.\r\n"); } elseif (preg_match('/^SITE EXEC/', $buf, $matches)) { diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c index 0d5384e3a5..bfb163167a 100644 --- a/ext/standard/ftp_fopen_wrapper.c +++ b/ext/standard/ftp_fopen_wrapper.c @@ -737,17 +737,6 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat goto opendir_errexit; } - php_stream_context_set(datastream, context); - if (use_ssl_on_data && (php_stream_xport_crypto_setup(datastream, - STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 || - php_stream_xport_crypto_enable(datastream, 1 TSRMLS_CC) < 0)) { - - php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode"); - php_stream_close(datastream); - datastream = NULL; - goto opendir_errexit; - } - php_stream_printf(stream TSRMLS_CC, "NLST %s\r\n", (resource->path != NULL ? resource->path : "/")); @@ -761,6 +750,17 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat goto opendir_errexit; } + php_stream_context_set(datastream, context); + if (use_ssl_on_data && (php_stream_xport_crypto_setup(datastream, + STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 || + php_stream_xport_crypto_enable(datastream, 1 TSRMLS_CC) < 0)) { + + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode"); + php_stream_close(datastream); + datastream = NULL; + goto opendir_errexit; + } + php_url_free(resource); dirsdata = emalloc(sizeof *dirsdata); |