aboutsummaryrefslogtreecommitdiff
path: root/lib/ftp.c
AgeCommit message (Collapse)Author
2019-11-29parsedate: offer a getdate_capped() alternativeDaniel Stenberg
... and use internally. This function will return TIME_T_MAX instead of failure if the parsed data is found to be larger than what can be represented. TIME_T_MAX being the largest value curl can represent. Reviewed-by: Daniel Gustafsson Reported-by: JanB on github Fixes #4152 Closes #4651
2019-09-27FTP: url-decode path before evaluationZenju
Closes #4428
2019-09-26Revert "FTP: url-decode path before evaluation"Daniel Stenberg
This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
2019-09-26FTP: url-decode path before evaluationZenju
Closes #4423
2019-09-21FTP: FTPFILE_NOCWD: avoid redundant CWDsZenju
Closes #4382
2019-09-20ftp: the conditional expression is always trueDaniel Stenberg
... both !result and (ftp->transfer != FTPTRANSFER_BODY)! Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20ftp: Expression 'ftpc->wait_data_conn' is always falseDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20ftp: Expression 'ftpc->wait_data_conn' is always trueDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20ftp: part of conditional expression is always true: !resultDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-18FTP: remove trailing slash from path for LIST/MLSDZenju
Closes #4348
2019-09-13FTP: allow "rubbish" prepended to the SIZE responseDaniel Stenberg
This is a protocol violation but apparently there are legacy proprietary servers doing this. Added test 336 and 337 to verify. Reported-by: Philippe Marguinaud Closes #4339
2019-09-13FTP: skip CWD to entry dir when target is absoluteZenju
Closes #4332
2019-08-01timediff: make it 64 bit (if possible) even with 32 bit time_tDaniel Stenberg
... to make it hold microseconds too. Fixes #4165 Closes #4168
2019-07-30cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg
It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
2019-06-05build: fix Codacy warningsMarcel Raad
Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975
2019-05-16cleanup: remove FIXME and TODO commentsDaniel Stenberg
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
2019-05-11doh: disable DOH for the cases it doesn't workDaniel Stenberg
Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for DOH resolves. This fix disables DOH for those. Limitation added to KNOWN_BUGS. Fixes #3850 Closes #3857
2019-03-01urldata: simplify bytecountersDaniel Stenberg
- no need to have them protocol specific - no need to set pointers to them with the Curl_setup_transfer() call - make Curl_setup_transfer() operate on a transfer pointer, not connection - switch some counters from long to the more proper curl_off_t type Closes #3627
2019-02-27urldata: convert bools to bitfields and move to endDaniel Stenberg
This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. Removed an unused struct field. No functionality changes. Closes #3610
2019-02-26strerror: make the strerror function use local buffersDaniel Stenberg
Instead of using a fixed 256 byte buffer in the connectdata struct. In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss. This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. the only effect would have been no text or the wrong text being shown for the error. Co-authored-by: Jay Satiro Closes #3612
2018-12-17pingpong: ignore regular timeout in disconnect phaseDaniel Stenberg
The timeout set with CURLOPT_TIMEOUT is no longer used when disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, POP3). Reported-by: jasal82 on github Fixes #3264 Closes #3374
2018-11-23snprintf: renamed and we now only use msnprintf()Daniel Stenberg
The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
2018-10-03memory: ensure to check allocation resultsDaniel Gustafsson
The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-23ftp: don't access pointer before NULL checkDaniel Stenberg
Detected by Coverity. CID 1439611. Follow-up from 46e164069d1a523
2018-09-22url: use the URL API internally as wellDaniel Stenberg
... to make it a truly unified URL parser. Closes #3017
2018-09-13ftp: include command in Curl_ftpsend sendbufferDaniel Gustafsson
Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed the actual command to be sent from the send buffer in a refactoring. Add back copying the command into the buffer. Also add more guards against malformed input while at it. Closes #2985 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-06-12Curl_debug: remove dead printhost codeDaniel Stenberg
The struct field is never set (since 5e0d9aea3) so remove the use of it and remove the connectdata pointer from the prototype. Reported-by: Tejas Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html Closes #2647
2018-06-11cppcheck: fix warningsMarian Klymov
- Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
2018-05-14lib: Fix format specifiersRikard Falkeborn
2018-04-24ftplistparser: keep state between invokesDaniel Stenberg
Fixes FTP wildcard parsing when done over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2526
2018-04-24Revert "ftplistparser: keep state between invokes"Daniel Stenberg
This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. Caused fuzzer problems on travis not seen when this was a PR!
2018-04-23ftplistparser: keep state between invokesDaniel Stenberg
Fixes FTP wildcard parsing when doing over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2519
2018-04-23ftplistparser: renamed some members and variablesDaniel Stenberg
... to make them better spell out what they're for.
2018-04-06FTP: allow PASV on IPv6 connections when a proxy is being usedLaurie Clark-Michalek
In the situation of a client connecting to an FTP server using an IPv6 tunnel proxy, the connection info will indicate that the connection is IPv6. However, because the server behing the proxy is IPv4, it is permissable to attempt PSV mode. In the case of the FTP server being IPv4 only, EPSV will always fail, and with the current logic curl will be unable to connect to the server, as the IPv6 fwdproxy causes curl to think that EPSV is impossible. Closes #2432
2018-03-14FTP: fix typo in recursive callback detection for seekingdasimx
Fixes #2380
2018-03-12FTP: reject path components with control codesDaniel Stenberg
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
2018-02-23spelling fixesViktor Szakats
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
2018-02-15TODO fixed: Detect when called from within callbacksBjörn Stenberg
Closes #2302
2018-02-01time_t-fixes: remove typecasts to 'long' for info.filetimeDaniel Stenberg
They're now wrong. Reported-by: Michael Kaufmann Closes #2277
2018-01-30Curl_range: commonize FTP and FILE range handlingMax Dymond
Closes #2205
2017-10-28Curl_timeleft: change return type to timediff_tDaniel Stenberg
returning 'time_t' is problematic when that type is unsigned and we return values less than zero to signal "already expired", used in several places in the code. Closes #2021
2017-10-26wildcards: don't use with non-supported protocolsMax Dymond
Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
2017-10-25time: rename Curl_tvnow to Curl_nowDaniel Stenberg
... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
2017-10-25timediff: return timediff_t from the time diff functionsDaniel Stenberg
... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
2017-10-20ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg
... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-10FTP: URL decode path for dir listing in nocwd modeDaniel Stenberg
Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
2017-10-04ftp: UBsan fixup 'pointer index expression overflowed'Daniel Stenberg
Closes #1939
2017-10-02FTP: zero terminate the entry path even on bad inputDaniel Stenberg
... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-09-12code style: remove wrong uses of multiple spacesDaniel Stenberg
Closes #1878
2017-09-11code style: use spaces around plusesDaniel Stenberg