ProFTPD and ASCII Transfers


Like most FTP servers (and clients), proftpd contains code specifically for handling files that are transferred in ASCII mode. RFC959 requires that when sending a file transferred in ASCII mode, the server (or client) must ensure that every carriage return (CR) character is followed by a line feed (LF) character. The receiving program then checks the file for these CRLF sequences and re-translates them into the native line-ending format for the host machine. This allows clients on platforms whose ASCII line ending is CRLF (e.g. Windows) to send those files to platforms whose ASCII line ending is LF (e.g. Unix), at the cost of complex handling of ASCII data in FTP.

The FTP TYPE command is used by the client to tell the server which transfer type is to be used: A for ASCII, I for binary. For the LIST and NLST FTP commands, the data transfer is always done in ASCII mode. The other FTP commands are unaffected by the transfer mode, with two notable exceptions: REST and SIZE.

Why should REST (for resuming a transfer) and SIZE (for determining the size of a file on the server) be affected? The REST command tells the server at which byte to begin transferring a file. Recall that since the server may have altered the bytes received from the client in ASCII mode, the offset used by the client may be in a different position of the file on the server. Similarly, in ASCII mode, the size of the file that the client will receive may be different than the actual size of the file on the server. For example, a Unix FTP server transferring a file in ASCII mode to a Windows FTP client will need to add CR characters, increasing the size of the file (from the server's point of view).

Properly handling the SIZE command would require the server to scan the file in question and perform the translation logic, which is resource-intensive. This would give a malicious client an easy way to attempt a "denial of service" attack on the server, forcing it to perform many time-consuming calculations needlessly. The REST command can be abused in the same fashion. ProFTPD thus does not perform ASCII translation when handling the REST and SIZE commands.

An FTP client will usually use SIZE when it wants to resume downloading a file. However, clients in general should not be resuming downloads in ASCII mode. Resuming downloads in binary mode is the recommended way.
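The size and offset mismatch described above for SIZE and REST, worked through on a small file. This is an added example, not ProFTPD code: the function names and the sample bytes are constructed here, and the translation rule (insert CR before any LF not already preceded by CR) is an assumption for the Unix-server-to-Windows-client case.

```python
import re

# Assumed rule for this example: in ASCII mode a Unix server inserts CR
# before every LF that is not already preceded by CR.
BARE_LF = re.compile(rb"(?<!\r)\n")


def to_wire(data: bytes) -> bytes:
    """Bytes the client receives in ASCII mode under the assumed rule."""
    return BARE_LF.sub(b"\r\n", data)


def ascii_wire_size(data: bytes) -> int:
    """Translated size. Every byte must be scanned to find the bare LFs,
    which is the per-request cost a server avoids by answering SIZE
    with the on-disk size instead."""
    return len(data) + sum(1 for _ in BARE_LF.finditer(data))


def wire_to_disk_offset(data: bytes, wire_offset: int) -> int:
    """Map a REST offset counted in translated bytes to an on-disk offset.
    An offset that lands between an inserted CR and its LF maps to the
    LF's position on disk. This also needs a scan from byte 0."""
    wire, prev = 0, None
    for disk, byte in enumerate(data):
        step = 2 if (byte == 0x0A and prev != 0x0D) else 1
        if wire + step > wire_offset:
            return disk
        wire += step
        prev = byte
    return len(data)


# Constructed sample: two bare LF line endings and one existing CRLF.
SAMPLE = b"line one\nline two\r\nline three\n"

if __name__ == "__main__":
    print("on-disk size :", len(SAMPLE))
    print("ASCII size   :", ascii_wire_size(SAMPLE))
    rest = 12  # offset the client counted in the bytes it received
    print("REST", rest, "-> disk offset", wire_to_disk_offset(SAMPLE, rest))
    # Using the client's offset untranslated would start one byte too late:
    print("untranslated :", SAMPLE[rest:rest + 6])
    print("translated   :", SAMPLE[wire_to_disk_offset(SAMPLE, rest):][:6])
```

Because the server does not do this mapping for REST and SIZE, an ASCII-mode resume can start at the wrong byte, which is why resuming in binary mode is recommended.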

