/* Basic FTP routines.
- Copyright (C) 1996-2006 Free Software Foundation, Inc.
+ Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003,
+ 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
This file is part of GNU Wget.
GNU Wget is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
GNU Wget is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with Wget; if not, write to the Free Software Foundation, Inc.,
-51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+along with Wget. If not, see <http://www.gnu.org/licenses/>.
-In addition, as a special exception, the Free Software Foundation
-gives permission to link the code of its release of Wget with the
-OpenSSL project's "OpenSSL" library (or with modified versions of it
-that use the same license as the "OpenSSL" library), and distribute
-the linked executables. You must obey the GNU General Public License
-in all respects for all of the code used other than "OpenSSL". If you
-modify this file, you may extend this exception to your version of the
-file, but you are not obligated to do so. If you do not wish to do
-so, delete this exception statement from your version. */
+Additional permission under GNU GPL version 3 section 7
-#include <config.h>
+If you modify this program, or any covered work, by linking or
+combining it with the OpenSSL project's OpenSSL library (or a
+modified version of that library), containing parts covered by the
+terms of the OpenSSL or SSLeay licenses, the Free Software Foundation
+grants you additional permission to convey the resulting work.
+Corresponding Source for a non-source form of such a combination
+shall include the source code for the parts of OpenSSL used as well
+as that of the covered work. */
+
+#include "wget.h"
#include <assert.h>
#include <stdio.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
-
-#include "wget.h"
#include "utils.h"
#include "connect.h"
#include "host.h"
char *p;
char *line = fd_read_line (fd);
if (!line)
- return FTPRERR;
+ return FTPRERR;
/* Strip trailing CRLF before printing the line, so that
- escnonprint doesn't include bogus \012 and \015. */
+ quotting doesn't include bogus \012 and \015. */
p = strchr (line, '\0');
if (p > line && p[-1] == '\n')
- *--p = '\0';
+ *--p = '\0';
if (p > line && p[-1] == '\r')
- *--p = '\0';
+ *--p = '\0';
if (opt.server_response)
- logprintf (LOG_NOTQUIET, "%s\n", escnonprint (line));
+ logprintf (LOG_NOTQUIET, "%s\n",
+ quotearg_style (escape_quoting_style, line));
else
- DEBUGP (("%s\n", escnonprint (line)));
+ DEBUGP (("%s\n", quotearg_style (escape_quoting_style, line)));
/* The last line of output is the one that begins with "ddd ". */
- if (ISDIGIT (line[0]) && ISDIGIT (line[1]) && ISDIGIT (line[2])
- && line[3] == ' ')
- {
- strncpy (ftp_last_respline, line, sizeof (ftp_last_respline));
- ftp_last_respline[sizeof (ftp_last_respline) - 1] = '\0';
- *ret_line = line;
- return FTPOK;
- }
+ if (c_isdigit (line[0]) && c_isdigit (line[1]) && c_isdigit (line[2])
+ && line[3] == ' ')
+ {
+ strncpy (ftp_last_respline, line, sizeof (ftp_last_respline));
+ ftp_last_respline[sizeof (ftp_last_respline) - 1] = '\0';
+ *ret_line = line;
+ return FTPOK;
+ }
xfree (line);
}
}
if (value)
{
/* Check for newlines in VALUE (possibly injected by the %0A URL
- escape) making the callers inadvertently send multiple FTP
- commands at once. Without this check an attacker could
- intentionally redirect to ftp://server/fakedir%0Acommand.../
- and execute arbitrary FTP command on a remote FTP server. */
+ escape) making the callers inadvertently send multiple FTP
+ commands at once. Without this check an attacker could
+ intentionally redirect to ftp://server/fakedir%0Acommand.../
+ and execute arbitrary FTP command on a remote FTP server. */
if (strpbrk (value, "\r\n"))
- {
- /* Copy VALUE to the stack and modify CR/LF to space. */
- char *defanged, *p;
- STRDUP_ALLOCA (defanged, value);
- for (p = defanged; *p; p++)
- if (*p == '\r' || *p == '\n')
- *p = ' ';
- DEBUGP (("\nDetected newlines in %s \"%s\"; changing to %s \"%s\"\n",
- command, escnonprint (value), command, escnonprint (defanged)));
- /* Make VALUE point to the defanged copy of the string. */
- value = defanged;
- }
+ {
+ /* Copy VALUE to the stack and modify CR/LF to space. */
+ char *defanged, *p;
+ STRDUP_ALLOCA (defanged, value);
+ for (p = defanged; *p; p++)
+ if (*p == '\r' || *p == '\n')
+ *p = ' ';
+ DEBUGP (("\nDetected newlines in %s \"%s\"; changing to %s \"%s\"\n",
+ command, quotearg_style (escape_quoting_style, value),
+ command, quotearg_style (escape_quoting_style, defanged)));
+ /* Make VALUE point to the defanged copy of the string. */
+ value = defanged;
+ }
res = concat_strings (command, " ", value, "\r\n", (char *) 0);
}
else
"331 s/key ",
"331 opiekey "
};
- int i;
+ size_t i;
const char *seed = NULL;
for (i = 0; i < countof (skey_head); i++)
{
- int l = strlen (skey_head[i]);
+ int l = strlen (skey_head[i]);
if (0 == strncasecmp (skey_head[i], respline, l))
- {
- seed = respline + l;
- break;
- }
+ {
+ seed = respline + l;
+ break;
+ }
}
if (seed)
{
int skey_sequence = 0;
- /* Extract the sequence from SEED. */
- for (; ISDIGIT (*seed); seed++)
- skey_sequence = 10 * skey_sequence + *seed - '0';
- if (*seed == ' ')
- ++seed;
+ /* Extract the sequence from SEED. */
+ for (; c_isdigit (*seed); seed++)
+ skey_sequence = 10 * skey_sequence + *seed - '0';
+ if (*seed == ' ')
+ ++seed;
else
{
xfree (respline);
return FTPLOGREFUSED;
}
- /* Replace the password with the SKEY response to the
- challenge. */
+ /* Replace the password with the SKEY response to the
+ challenge. */
pass = skey_response (skey_sequence, seed, pass);
}
}
{
case AF_INET:
snprintf (buf, buflen, "%d,%d,%d,%d,%d,%d,%d,%d,%d", 4, 4,
- ptr[0], ptr[1], ptr[2], ptr[3], 2,
- (port & 0xff00) >> 8, port & 0xff);
+ ptr[0], ptr[1], ptr[2], ptr[3], 2,
+ (port & 0xff00) >> 8, port & 0xff);
break;
case AF_INET6:
snprintf (buf, buflen,
- "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
- 6, 16,
- ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5], ptr[6], ptr[7],
- ptr[8], ptr[9], ptr[10], ptr[11], ptr[12], ptr[13], ptr[14], ptr[15],
- 2, (port & 0xff00) >> 8, port & 0xff);
+ "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
+ 6, 16,
+ ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5], ptr[6], ptr[7],
+ ptr[8], ptr[9], ptr[10], ptr[11], ptr[12], ptr[13], ptr[14], ptr[15],
+ 2, (port & 0xff00) >> 8, port & 0xff);
break;
default:
abort ();
}
/* Parse the request. */
s = respline;
- for (s += 4; *s && !ISDIGIT (*s); s++)
+ for (s += 4; *s && !c_isdigit (*s); s++)
;
if (!*s)
return FTPINVPASV;
for (i = 0; i < 6; i++)
{
tmp[i] = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
tmp[i] = (*s - '0') + 10 * tmp[i];
if (*s == ',')
s++;
/* Parse the response. */
s = respline;
- for (s += 4; *s && !ISDIGIT (*s); s++)
+ for (s += 4; *s && !c_isdigit (*s); s++)
;
if (!*s)
return FTPINVPASV;
/* First, get the address family */
af = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
af = (*s - '0') + 10 * af;
if (af != 4 && af != 6)
/* Then, get the address length */
addrlen = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
addrlen = (*s - '0') + 10 * addrlen;
if (!*s || *s++ != ',')
for (i = 0; i < addrlen; i++)
{
tmp[i] = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
tmp[i] = (*s - '0') + 10 * tmp[i];
if (*s == ',')
s++;
/* Now, get the port length */
portlen = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
portlen = (*s - '0') + 10 * portlen;
if (!*s || *s++ != ',')
/* Finally, we get the port number */
tmpprt[0] = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
tmpprt[0] = (*s - '0') + 10 * tmpprt[0];
if (!*s || *s++ != ',')
}
tmpprt[1] = 0;
- for (; ISDIGIT (*s); s++)
+ for (; c_isdigit (*s); s++)
tmpprt[1] = (*s - '0') + 10 * tmpprt[1];
assert (s != NULL);
/* Finally, get the port number */
tport = 0;
- for (i = 1; ISDIGIT (*s); s++)
+ for (i = 1; c_isdigit (*s); s++)
{
if (i > 5)
{
/* Sends the LIST command to the server. If FILE is NULL, send just
`LIST' (no space). */
uerr_t
-ftp_list (int csock, const char *file)
+ftp_list (int csock, const char *file, enum stype rs)
{
char *request, *respline;
int nwritten;
uerr_t err;
bool ok = false;
- int i = 0;
+ size_t i = 0;
/* Try `LIST -a' first and revert to `LIST' in case of failure. */
const char *list_commands[] = { "LIST -a",
"LIST" };
+ /* 2008-01-29 SMS. For a VMS FTP server, where "LIST -a" may not
+ fail, but will never do what is desired here, skip directly to the
+ simple "LIST" command (assumed to be the last one in the list).
+ */
+ if (rs == ST_VMS)
+ i = countof (list_commands)- 1;
+
do {
/* Send request. */
request = ftp_request (list_commands[i], file);
{
err = FTPNSFOD;
}
- else if (*respline == '1')
+ else if (*respline == '1')
{
err = FTPOK;
ok = true;
}
else
{
- err = FTPRERR;
+ err = FTPRERR;
}
xfree (respline);
}
first word of the server response)? */
request = strtok (NULL, " ");
- if (!strcasecmp (request, "VMS"))
+ if (request == NULL)
+ *server_type = ST_OTHER;
+ else if (!strcasecmp (request, "VMS"))
*server_type = ST_VMS;
else if (!strcasecmp (request, "UNIX"))
*server_type = ST_UNIX;
else if (!strcasecmp (request, "WINDOWS_NT")
- || !strcasecmp (request, "WINDOWS2000"))
+ || !strcasecmp (request, "WINDOWS2000"))
*server_type = ST_WINNT;
else if (!strcasecmp (request, "MACOS"))
*server_type = ST_MACOS;
if (params
&& 0 == strncasecmp (params, "type=", 5)
&& params[5] != '\0')
- return TOUPPER (params[5]);
+ return c_toupper (params[5]);
else
return 'I';
}