Fixed a boundary condition error in ftp_readresp() whereby a non-terminal

line of a multiline FTP response whose last byte landed exactly at the end
of the BUFSIZE-length buffer would be treated as the terminal response
line.  The following response code read in would then actually be the
end of the previous response line, and all responses from then on would
correspond to the wrong command. Test case 1062 verifies this.

Stop closing a never-opened ftp socket.
This commit is contained in:
Dan Fandrich 2008-08-11 23:16:08 +00:00
parent 8bb208e8f8
commit f1fe04245a
4 changed files with 78 additions and 14 deletions

10
CHANGES
View File

@ -7,6 +7,16 @@
Changelog Changelog
Daniel Fandrich (11 Aug 2008)
- Fixed a boundary condition error in ftp_readresp() whereby a non-terminal
line of a multiline FTP response whose last byte landed exactly at the end
of the BUFSIZE-length buffer would be treated as the terminal response
line. The following response code read in would then actually be the
end of the previous response line, and all responses from then on would
correspond to the wrong command. Test case 1062 verifies this.
- Stop closing a never-opened ftp socket.
Daniel Stenberg (11 Aug 2008) Daniel Stenberg (11 Aug 2008)
- Constantine Sapuntzakis filed bug report #2042430 - Constantine Sapuntzakis filed bug report #2042430
(http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows (http://curl.haxx.se/bug/view.cgi?id=2042430) with a patch. "NTLM Windows

View File

@ -388,7 +388,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
ssize_t gotbytes; ssize_t gotbytes;
char *ptr; char *ptr;
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
char *buf = data->state.buffer; char * const buf = data->state.buffer;
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
struct ftp_conn *ftpc = &conn->proto.ftpc; struct ftp_conn *ftpc = &conn->proto.ftpc;
int code = 0; int code = 0;
@ -414,6 +414,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
* int to begin with, even though its datatype may be larger * int to begin with, even though its datatype may be larger
* than an int. * than an int.
*/ */
DEBUGASSERT((ptr+ftpc->cache_size) <= (buf+BUFSIZE+1));
memcpy(ptr, ftpc->cache, (int)ftpc->cache_size); memcpy(ptr, ftpc->cache, (int)ftpc->cache_size);
gotbytes = (int)ftpc->cache_size; gotbytes = (int)ftpc->cache_size;
free(ftpc->cache); /* free the cache */ free(ftpc->cache); /* free the cache */
@ -427,6 +428,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
conn->data_prot = 0; conn->data_prot = 0;
#endif #endif
DEBUGASSERT((ptr+BUFSIZE-ftpc->nread_resp) <= (buf+BUFSIZE+1));
res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp, res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp,
&gotbytes); &gotbytes);
#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI) #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
@ -535,9 +537,10 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
dash or a space and it is significant */ dash or a space and it is significant */
clipamount = 4; clipamount = 4;
} }
else if(perline && (ftpc->nread_resp > BUFSIZE/2)) { else if(ftpc->nread_resp > BUFSIZE/2) {
/* We got a large chunk of data and there's still trailing data to /* We got a large chunk of data and there's potentially still trailing
take care of, so we put that part in the "cache" and restart */ data to take care of, so we put any such part in the "cache", clear
the buffer to make space and restart. */
clipamount = perline; clipamount = perline;
restart = TRUE; restart = TRUE;
} }
@ -3224,17 +3227,19 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
shutdown(conn->sock[SECONDARYSOCKET],2); /* SD_BOTH */ shutdown(conn->sock[SECONDARYSOCKET],2); /* SD_BOTH */
#endif #endif
if(conn->ssl[SECONDARYSOCKET].use) { if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
/* The secondary socket is using SSL so we must close down that part first if(conn->ssl[SECONDARYSOCKET].use) {
before we close the socket for real */ /* The secondary socket is using SSL so we must close down that part first
Curl_ssl_close(conn, SECONDARYSOCKET); before we close the socket for real */
Curl_ssl_close(conn, SECONDARYSOCKET);
/* Note that we keep "use" set to TRUE since that (next) connection is /* Note that we keep "use" set to TRUE since that (next) connection is
still requested to use SSL */ still requested to use SSL */
}
sclose(conn->sock[SECONDARYSOCKET]);
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
} }
sclose(conn->sock[SECONDARYSOCKET]);
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
if((ftp->transfer == FTPTRANSFER_BODY) && !status && !premature) { if((ftp->transfer == FTPTRANSFER_BODY) && !status && !premature) {
/* /*

View File

@ -55,7 +55,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test1033 test539 test1034 test1035 test1036 test1037 test1038 test1039 \ test1033 test539 test1034 test1035 test1036 test1037 test1038 test1039 \
test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 \ test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 \
test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055 \ test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055 \
test1056 test1057 test1058 test1059 test1056 test1057 test1058 test1059 test1062
filecheck: filecheck:
@mkdir test-place; \ @mkdir test-place; \

49
tests/data/test1062 Normal file

File diff suppressed because one or more lines are too long