>Number:         3520
>Category:       bin
>Synopsis:       URL parsing in ftp using ftp://host/dir/file fails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 21 10:05:01 1997
>Last-Modified:
>Originator:     Havard Eidnes
>Organization:
	SINTEF RUNIT
>Release:        NetBSD-current April 20 1997
>Environment:
System: NetBSD vader.runit.sintef.no 1.2D NetBSD 1.2D (VADER) #0: Mon Apr 14 23:27:38 MEST 1997 he@vader.runit.sintef.no:/usr/src/sys/arch/i386/compile/VADER i386


>Description:
	URL parsing in fetch.c in ftp misparses an URL of the form
	ftp://host/dir/file, resulting in "host" being used as the user
	name, which leads to failure.

	Example:

% ftp -d ftp://ftp.ee.lbl.gov/pathchar/msri-talk.ps.gz
user ftp.ee.lbl.gov: host ftp.ee.lbl.gov port (null) dir pathchar file msri-talk.ps.gz
Connected to ee.lbl.gov.
220 ee.lbl.gov FTP server ready.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
---> USER ftp.ee.lbl.gov
530 Sorry, I can't accept a cleartext password over the wire.
ftp: Login failed.
ftp: Can't connect or login to host `ftp.ee.lbl.gov'
---> QUIT
221 Goodbye.
%

>How-To-Repeat:
	See above.
>Fix:
	No fix here, sorry, but the part starting at line 432 of fetch.c
	looks suspect:

                                /* look for [user:pass@]host[:port] */
                        user = host;
                        pass = strpbrk(user, ":@/");
                        if (pass == NULL || *pass == '/')
                                goto parsed_url;

	Why is "user" set to "host", and more importantly, why is it not
	reset if no user name was found in the URL?
>Audit-Trail:
>Unformatted: