FTP & SSL session reuse #9348

Closed
janpecha opened this issue Aug 16, 2022 · 3 comments
@janpecha

Description

Hello,

The FTP/SSL data connection fails after the first data transfer; it results in the error "425 Unable to build data connection: Operation not permitted".

The following code:

```php
<?php

$f = ftp_ssl_connect('HOST');
ftp_login($f, 'USER', 'PASSWORD');
ftp_pasv($f, TRUE);
var_dump(ftp_nlist($f, '*')); // first data connection: succeeds
var_dump(ftp_nlist($f, '*')); // second data connection: returns false
```

Resulted in this output:

```
array(2) {
  [0] =>
  string(4) "dirA"
  [1] =>
  string(9) "fileB.txt"
}
bool(false)
```

But I expected this output instead:

```
array(2) {
  [0] =>
  string(4) "dirA"
  [1] =>
  string(9) "fileB.txt"
}
array(2) {
  [0] =>
  string(4) "dirA"
  [1] =>
  string(9) "fileB.txt"
}
```

If I change the code and try to upload a file:

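```php
<?php
// Print the warnings raised by the FTP functions.
set_error_handler(function ($severity, $message) {
    echo $message;
});

$f = ftp_ssl_connect('HOST');
ftp_login($f, 'USER', 'PASSWORD');
ftp_pasv($f, TRUE);
// The upload opens a data connection, which is where the 425 error appears.
ftp_fput($f, 'test-upload.txt', fopen(__DIR__ . '/my-file.txt', 'r'), FTP_BINARY);
```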

It prints error 425 Unable to build data connection: Operation not permitted.

Links:

PHP Version

PHP 8.1.8 & all versions from PHP 5.6

Operating System

Ubuntu 20.04

@simapple

Could you list your FTP server's command logs?

@janpecha
Author

Sorry, I have no access to the FTP server's logs.

@nielsdos
Member

nielsdos commented Dec 1, 2023

I received a private reproducer from another person yesterday with the exact same issue.
The issue is related to our session resumption code; I have a local patch that fixes it, but I have to double-check the correctness.

nielsdos added a commit to nielsdos/php-src that referenced this issue Dec 2, 2023
The issue referenced here doesn't contain a reproducer, but I recently
received an email of a user with the exact same problem. I was able to
recreate the scenario locally using vsftpd and setting
`require_ssl_reuse=YES` in the vsftpd configuration.

It turns out that our session resumption code is broken. It only works a
single time: the first time a data connection opens. Subsequent data
connections fail to reuse the session. This is because on every data
connection a new session is negotiated, but the current code always
tries to reuse the (stale) session of the control connection.

To fix this, we use SSL_CTX_sess_set_new_cb() to set up a callback that
gets called every time a new session is negotiated. We take a strong
reference using SSL_get1_session() and store it in the ftpbuf_t struct.
Every time we open a data connection we'll take that session.
This works because every control connection has at most a single
associated data connection.

Also disable internal session caching storage to not fill the cache up
with useless sessions.

There is no phpt for this because PHP does not support enforcing SSL
session reuse.
It is however testable manually by setting up vsftpd and setting the
`require_ssl_reuse=YES` function from before.
@nielsdos nielsdos linked a pull request Dec 2, 2023 that will close this issue
nielsdos added a commit that referenced this issue Dec 2, 2023
* PHP-8.2:
  Fix GH-9348: FTP & SSL session reuse
nielsdos added a commit that referenced this issue Dec 2, 2023
* PHP-8.3:
  Fix GH-9348: FTP & SSL session reuse