Fixed a boundary condition error in ftp_readresp() whereby a non-terminal

line of a multiline FTP response whose last byte landed exactly at the end
of the BUFSIZE-length buffer would be treated as the terminal response
line.  The following response code read in would then actually be the
end of the previous response line, and all responses from then on would
correspond to the wrong command. Test case 1062 verifies this.

Stop closing a never-opened ftp socket.
This commit is contained in:
Dan Fandrich 2008-08-11 23:16:08 +00:00
parent 8bb208e8f8
commit f1fe04245a
4 changed files with 78 additions and 14 deletions

10
CHANGES
View File

@ -7,6 +7,16 @@
Changelog
Daniel Fandrich (11 Aug 2008)
- Fixed a boundary condition error in ftp_readresp() whereby a non-terminal
line of a multiline FTP response whose last byte landed exactly at the end
of the BUFSIZE-length buffer would be treated as the terminal response
line. The following response code read in would then actually be the
end of the previous response line, and all responses from then on would
correspond to the wrong command. Test case 1062 verifies this.
- Stop closing a never-opened ftp socket.
Daniel Stenberg (11 Aug 2008)
- Constantine Sapuntzakis filed bug report #2042430
(http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows

View File

@ -388,7 +388,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
ssize_t gotbytes;
char *ptr;
struct SessionHandle *data = conn->data;
char *buf = data->state.buffer;
char * const buf = data->state.buffer;
CURLcode result = CURLE_OK;
struct ftp_conn *ftpc = &conn->proto.ftpc;
int code = 0;
@ -414,6 +414,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
* int to begin with, even though its datatype may be larger
* than an int.
*/
DEBUGASSERT((ptr+ftpc->cache_size) <= (buf+BUFSIZE+1));
memcpy(ptr, ftpc->cache, (int)ftpc->cache_size);
gotbytes = (int)ftpc->cache_size;
free(ftpc->cache); /* free the cache */
@ -427,6 +428,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
conn->data_prot = 0;
#endif
DEBUGASSERT((ptr+BUFSIZE-ftpc->nread_resp) <= (buf+BUFSIZE+1));
res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp,
&gotbytes);
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
@ -535,9 +537,10 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
dash or a space and it is significant */
clipamount = 4;
}
else if(perline && (ftpc->nread_resp > BUFSIZE/2)) {
/* We got a large chunk of data and there's still trailing data to
take care of, so we put that part in the "cache" and restart */
else if(ftpc->nread_resp > BUFSIZE/2) {
/* We got a large chunk of data and there's potentially still trailing
data to take care of, so we put any such part in the "cache", clear
the buffer to make space and restart. */
clipamount = perline;
restart = TRUE;
}
@ -3224,17 +3227,19 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
shutdown(conn->sock[SECONDARYSOCKET],2); /* SD_BOTH */
#endif
if(conn->ssl[SECONDARYSOCKET].use) {
/* The secondary socket is using SSL so we must close down that part first
before we close the socket for real */
Curl_ssl_close(conn, SECONDARYSOCKET);
if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
if(conn->ssl[SECONDARYSOCKET].use) {
/* The secondary socket is using SSL so we must close down that part first
before we close the socket for real */
Curl_ssl_close(conn, SECONDARYSOCKET);
/* Note that we keep "use" set to TRUE since that (next) connection is
still requested to use SSL */
/* Note that we keep "use" set to TRUE since that (next) connection is
still requested to use SSL */
}
sclose(conn->sock[SECONDARYSOCKET]);
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
}
sclose(conn->sock[SECONDARYSOCKET]);
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
if((ftp->transfer == FTPTRANSFER_BODY) && !status && !premature) {
/*

View File

@ -55,7 +55,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test1033 test539 test1034 test1035 test1036 test1037 test1038 test1039 \
test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 \
test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055 \
test1056 test1057 test1058 test1059
test1056 test1057 test1058 test1059 test1062
filecheck:
@mkdir test-place; \

49
tests/data/test1062 Normal file

File diff suppressed because one or more lines are too long