[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 14/222: FTP: allow "rubbish" prepended to the SIZE response
From: |
gnunet |
Subject: |
[gnurl] 14/222: FTP: allow "rubbish" prepended to the SIZE response |
Date: |
Thu, 07 Nov 2019 00:08:30 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 65f5b958c95d538a9b205e2753a476d1a7c89179
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Sep 12 17:50:21 2019 +0200
FTP: allow "rubbish" prepended to the SIZE response
This is a protocol violation but apparently there are legacy proprietary
servers doing this.
Added test 336 and 337 to verify.
Reported-by: Philippe Marguinaud
Closes #4339
---
lib/ftp.c | 20 +++++++++++++++--
tests/data/Makefile.inc | 2 +-
tests/data/test336 | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
tests/data/test337 | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 135 insertions(+), 3 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index 0793dc1f3..00233a80d 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2244,9 +2244,25 @@ static CURLcode ftp_state_size_resp(struct connectdata
*conn,
char *buf = data->state.buffer;
/* get the size from the ascii string: */
- if(ftpcode == 213)
+ if(ftpcode == 213) {
+ /* To allow servers to prepend "rubbish" in the response string, we scan
+ for all the digits at the end of the response and parse only those as a
+ number. */
+ char *start = &buf[4];
+ char *fdigit = strchr(start, '\r');
+ if(fdigit) {
+ do
+ fdigit--;
+ while(ISDIGIT(*fdigit) && (fdigit > start));
+ if(!ISDIGIT(*fdigit))
+ fdigit++;
+ }
+ else
+ fdigit = start;
/* ignores parsing errors, which will make the size remain unknown */
- (void)curlx_strtoofft(buf + 4, NULL, 0, &filesize);
+ (void)curlx_strtoofft(fdigit, NULL, 0, &filesize);
+
+ }
if(instate == FTP_SIZE) {
#ifdef CURL_FTP_HTTPSTYLE_HEAD
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index fc22c2f17..3733bd6b9 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -57,7 +57,7 @@ test298 test299 test300 test301 test302 test303 test304
test305 test306 \
test307 test308 test309 test310 test311 test312 test313 test314 test315 \
test316 test317 test318 test319 test320 test321 test322 test323 test324 \
test325 test326 test327 test328 test329 test330 test331 test332 test333 \
-test334 test335 \
+test334 test335 test336 test337 \
test340 \
\
test350 test351 test352 test353 test354 test355 test356 \
diff --git a/tests/data/test336 b/tests/data/test336
new file mode 100644
index 000000000..85477c96c
--- /dev/null
+++ b/tests/data/test336
@@ -0,0 +1,58 @@
+<testcase>
+<info>
+<keywords>
+FTP
+PASV
+TYPE A
+RETR
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</data>
+<datacheck nonewline="yes">
+data
+</datacheck>
+<servercmd>
+REPLY EPSV 500 no such command
+REPLY SIZE 500 no such command
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<server>
+ftp
+</server>
+ <name>
+FTP range download when SIZE doesn't work
+ </name>
+ <command>
+ftp://%HOSTIP:%FTPPORT/336 --use-ascii --range 3-6
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER anonymous
+PASS address@hidden
+PWD
+EPSV
+PASV
+TYPE A
+SIZE 336
+REST 3
+RETR 336
+ABOR
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test337 b/tests/data/test337
new file mode 100644
index 000000000..80086dda7
--- /dev/null
+++ b/tests/data/test337
@@ -0,0 +1,58 @@
+<testcase>
+<info>
+<keywords>
+FTP
+PASV
+TYPE A
+RETR
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+data
+ to
+ see
+that FTP
+works
+ so does it?
+</data>
+<datacheck nonewline="yes">
+data
+</datacheck>
+<servercmd>
+REPLY EPSV 500 no such command
+REPLY SIZE 213 file: 213, Size =51
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<server>
+ftp
+</server>
+ <name>
+FTP range download with SIZE returning extra crap
+ </name>
+ <command>
+ftp://%HOSTIP:%FTPPORT/337 --use-ascii --range 3-6
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER anonymous
+PASS address@hidden
+PWD
+EPSV
+PASV
+TYPE A
+SIZE 337
+REST 3
+RETR 337
+ABOR
+QUIT
+</protocol>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 12/222: curl: fix memory leaked by parse_metalink(), (continued)
- [gnurl] 12/222: curl: fix memory leaked by parse_metalink(), gnunet, 2019/11/06
- [gnurl] 07/222: RELEASE-NOTES: synced, gnunet, 2019/11/06
- [gnurl] 13/222: FTP: skip CWD to entry dir when target is absolute, gnunet, 2019/11/06
- [gnurl] 10/222: curl:file2string: load large files much faster, gnunet, 2019/11/06
- [gnurl] 09/222: openssl: close_notify on the FTP data connection doesn't mean closure, gnunet, 2019/11/06
- [gnurl] 15/222: appveyor: add a winbuild, gnunet, 2019/11/06
- [gnurl] 23/222: smb: check for full size message before reading message details, gnunet, 2019/11/06
- [gnurl] 17/222: docs: fix typo in CURLOPT_HTTP_VERSION man, gnunet, 2019/11/06
- [gnurl] 18/222: docs: remove trailing ':' from section names in CURLOPT_TRAILER* man, gnunet, 2019/11/06
- [gnurl] 25/222: doh: clean up dangling DOH handles and memory on easy close, gnunet, 2019/11/06
- [gnurl] 14/222: FTP: allow "rubbish" prepended to the SIZE response,
gnunet <=
- [gnurl] 22/222: quiche: persist connection details, gnunet, 2019/11/06
- [gnurl] 19/222: doh: fix (harmless) buffer overrun, gnunet, 2019/11/06
- [gnurl] 24/222: unit1655: make it C90 compliant, gnunet, 2019/11/06
- [gnurl] 21/222: openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version, gnunet, 2019/11/06
- [gnurl] 16/222: CI: inintial github action job, gnunet, 2019/11/06
- [gnurl] 20/222: doh: fix undefined behaviour and open up for gcc and clang optimization, gnunet, 2019/11/06
- [gnurl] 26/222: http2: relax verification of :authority in push promise requests, gnunet, 2019/11/06
- [gnurl] 27/222: url: cleanup dangling DOH request headers too, gnunet, 2019/11/06
- [gnurl] 28/222: mime: when disabled, avoid C99 macro, gnunet, 2019/11/06
- [gnurl] 32/222: url: only reuse TLS connections with matching pinning, gnunet, 2019/11/06