From dean-debian@arctic.org Thu Jul  8 22:07:40 2004
Date: Thu, 8 Jul 2004 22:07:09 -0700 (PDT)
From: dean gaudet <dean-debian@arctic.org>
To: submit@bugs.debian.org
Subject: add ftpd -n option for logging IP

Package: ftpd
Version: 0.17-18

if an attacker has control over their reverse DNS then using gethostbyname
for logging throws away useful forensic log info.  this patch adds a -n
option similar to -n in many other tools -- it disables the reverse lookup
and logs an IP address.

-dean

diff -rpu linux-ftpd-0.17.deborig/debian/changelog linux-ftpd-0.17/debian/changelog
--- linux-ftpd-0.17.deborig/debian/changelog	2004-07-08 15:31:03.000000000 -0700
+++ linux-ftpd-0.17/debian/changelog	2004-07-08 22:02:37.000000000 -0700
@@ -1,3 +1,11 @@
+linux-ftpd (0.17-18.dg1) unstable; urgency=low
+
+  * add -n option to log numeric IPs rather than doing reverse
+    lookup -- for improved log forensics in the event an attacker
+    has control of their reverse DNS.
+
+ -- dean gaudet <dean@arctic.org>  Thu,  8 Jul 2004 22:02:03 -0700
+
 linux-ftpd (0.17-18) unstable; urgency=low

   * New maintainer. (Closes: #249709)
diff -rpu linux-ftpd-0.17.deborig/ftpd/ftpd.8 linux-ftpd-0.17/ftpd/ftpd.8
--- linux-ftpd-0.17.deborig/ftpd/ftpd.8	2004-07-08 15:31:03.000000000 -0700
+++ linux-ftpd-0.17/ftpd/ftpd.8	2004-07-08 22:01:42.000000000 -0700
@@ -46,7 +46,7 @@
 Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm ftpd
-.Op Fl AdDhlMPSU
+.Op Fl AdDhlMnPSU
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
 .Op Fl u Ar mask
@@ -105,6 +105,8 @@ for anonymous transfers, a directory mat
 the IP number the client connected to, and located inside
 .Pa ~ftp
 is used instead.
+.It Fl n
+Use numeric IP addresses in logs instead of doing hostname lookup.
 .It Fl P
 Permit illegal port numbers or addresses for PORT command initiated connects.
 By default
diff -rpu linux-ftpd-0.17.deborig/ftpd/ftpd.c linux-ftpd-0.17/ftpd/ftpd.c
--- linux-ftpd-0.17.deborig/ftpd/ftpd.c	2004-07-08 15:31:03.000000000 -0700
+++ linux-ftpd-0.17/ftpd/ftpd.c	2004-07-08 22:00:38.000000000 -0700
@@ -166,6 +166,7 @@ struct	spwd *spw = NULL;
 int	debug = 0;
 int	timeout = 900;    /* timeout after 15 minutes of inactivity */
 int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
+int	numeric_hosts = 0;/* log numeric IP rather than doing lookup */
 int	logging;
 int	high_data_ports = 0;
 int	anon_only = 0;
@@ -312,7 +313,7 @@ main(int argc, char *argv[], char **envp
 	socklen_t addrlen;
 	char *cp, line[LINE_MAX];
 	FILE *fd;
-	const char *argstr = "AdDhlMSt:T:u:UvP";
+	const char *argstr = "AdDhlMnSt:T:u:UvP";
 	struct hostent *hp;

 #ifdef __linux__
@@ -372,6 +373,10 @@ main(int argc, char *argv[], char **envp
 			multihome = 1;
 			break;

+		case 'n':
+			numeric_hosts = 1;
+			break;
+
 		case 'S':
 			stats = 1;
 			break;
@@ -2066,10 +2071,11 @@ void renamecmd(char *from, char *to)

 static void dolog(struct sockaddr_in *sn)
 {
-	struct hostent *hp = gethostbyaddr((char *)&sn->sin_addr,
-		sizeof(struct in_addr), AF_INET);
+	struct hostent *hp;

-	if (hp)
+	if (!numeric_hosts &&
+		(hp = gethostbyaddr((char *)&sn->sin_addr,
+				    sizeof(struct in_addr), AF_INET)))
 		(void) strncpy(remotehost, hp->h_name, sizeof(remotehost)-1);
 	else
 		(void) strncpy(remotehost, inet_ntoa(sn->sin_addr),
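Review bot: In dolog() the new `!numeric_hosts` test decides what is copied into `remotehost` itself, not only what reaches the log, while ftpd.8 documents `-n` as affecting logs only. The declaration and other uses of `remotehost` are outside this hunk, so it is worth confirming nothing else reads it, and adding a comment such as `/* -n: remotehost holds the dotted-quad; a PTR name is chosen by whoever controls the reverse zone and is not forward-confirmed here */`. Without `-n` the record still carries only the PTR-derived name, so writing `inet_ntoa(sn->sin_addr)` alongside the name by default would keep the address available in both modes. The assignment buried in the `if` condition would read more clearly as `hp = numeric_hosts ? NULL : gethostbyaddr(...);` followed by the original `if (hp)`. The function body continues past the end of the hunk.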
