From 950b53da0d47f8975a062b9fbba9e1db0efb8f31 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 6 Feb 2020 11:36:53 +0100 Subject: ftp: remove superfluous checking for crlf in user or pwd ... as this is already done much earlier in the URL parser. Also add test case 894 that verifies that pop3 with an encodedd CR in the user name is rejected. Closes #4887 --- lib/ftp.c | 17 ----------------- tests/data/Makefile.inc | 3 +-- tests/data/test894 | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 19 deletions(-) create mode 100644 tests/data/test894 diff --git a/lib/ftp.c b/lib/ftp.c index c20b6bf10..60fea5421 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -253,18 +253,6 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost); } -/* Returns non-zero if the given string contains CR (\r) or LF (\n), - which are not allowed within RFC 959 . - Note: The input string is in the client's encoding which might - not be ASCII, so escape sequences \r & \n must be used instead - of hex values 0x0d & 0x0a. -*/ -static bool isBadFtpString(const char *string) -{ - return ((NULL != strchr(string, '\r')) || - (NULL != strchr(string, '\n'))) ? TRUE : FALSE; -} - /*********************************************************************** * * AcceptServerConnect() @@ -4377,11 +4365,6 @@ static CURLcode ftp_setup_connection(struct connectdata *conn) */ ftp->user = conn->user; ftp->passwd = conn->passwd; - if(isBadFtpString(ftp->user)) - return CURLE_URL_MALFORMAT; - if(isBadFtpString(ftp->passwd)) - return CURLE_URL_MALFORMAT; - conn->proto.ftpc.known_filesize = -1; /* unknown size for now */ return CURLE_OK; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index f72ccbc16..5fbe18396 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -96,12 +96,11 @@ test818 test819 test820 test821 test822 test823 test824 test825 test826 \ test827 test828 test829 test830 test831 test832 test833 test834 test835 \ test836 test837 test838 test839 test840 test841 test842 test843 test844 \ test845 test846 test847 test848 test849 \ -\ test850 test851 test852 test853 test854 test855 test856 test857 test858 \ test859 test860 test861 test862 test863 test864 test865 test866 test867 \ test868 test869 test870 test871 test872 test873 test874 test875 test876 \ test877 test878 test879 test880 test881 test882 test883 test884 test885 \ -test886 test887 test888 test889 test890 test891 test892 test893 \ +test886 test887 test888 test889 test890 test891 test892 test893 test894 \ \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \ diff --git a/tests/data/test894 b/tests/data/test894 new file mode 100644 index 000000000..db79830ca --- /dev/null +++ b/tests/data/test894 @@ -0,0 +1,37 @@ + + + +POP3 +Clear Text +RETR + + + +# +# Server-side + + + +# +# Client-side + + +pop3 + + +POP3 with CR in username + + +pop3://user%0dFRIGGING_cmd:secret@%HOSTIP:%POP3PORT/894 + + + +# +# Verify data after the test has been "shot" + +# malformed URL + +3 + + + -- cgit v1.2.3