X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fftp-basic.c;h=24026e194d89f0bff978e504ded1ab58189dea07;hp=409bacf1f96b5358ea62cd1af86821cae8ab966f;hb=4d7c5e087b2bc82c9f503dff003916d1047903ce;hpb=d9fea91a0a319e348adb504bd3edff148ff3d8a0
diff --git a/src/ftp-basic.c b/src/ftp-basic.c
index 409bacf1..24026e19 100644
--- a/src/ftp-basic.c
+++ b/src/ftp-basic.c
@@ -1,11 +1,11 @@
/* Basic FTP routines.
- Copyright (C) 1995, 1996, 1997, 1998, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1996-2007 Free Software Foundation, Inc.
This file is part of GNU Wget.
GNU Wget is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
GNU Wget is distributed in the hope that it will be useful,
@@ -14,8 +14,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with Wget; if not, write to the Free Software
-Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+along with Wget. If not, see .
In addition, as a special exception, the Free Software Foundation
gives permission to link the code of its release of Wget with the
@@ -34,15 +33,10 @@ so, delete this exception statement from your version. */
#include
#include
-#ifdef HAVE_STRING_H
-# include
-#else
-# include
-#endif
+#include
#ifdef HAVE_UNISTD_H
# include
#endif
-#include
#include "wget.h"
#include "utils.h"
@@ -57,27 +51,39 @@ char ftp_last_respline[128];
/* Get the response of FTP server and allocate enough room to handle
it. and characters are stripped from the line, and the
line is 0-terminated. All the response lines but the last one are
- skipped. The last line is determined as described in RFC959. */
+ skipped. The last line is determined as described in RFC959.
+
+ If the line is successfully read, FTPOK is returned, and *ret_line
+ is assigned a freshly allocated line. Otherwise, FTPRERR is
+ returned, and the value of *ret_line should be ignored. */
+
uerr_t
ftp_response (int fd, char **ret_line)
{
while (1)
{
+ char *p;
char *line = fd_read_line (fd);
if (!line)
return FTPRERR;
+
+ /* Strip trailing CRLF before printing the line, so that
+ escnonprint doesn't include bogus \012 and \015. */
+ p = strchr (line, '\0');
+ if (p > line && p[-1] == '\n')
+ *--p = '\0';
+ if (p > line && p[-1] == '\r')
+ *--p = '\0';
+
if (opt.server_response)
- logputs (LOG_NOTQUIET, line);
+ logprintf (LOG_NOTQUIET, "%s\n", escnonprint (line));
else
- DEBUGP (("%s", line));
+ DEBUGP (("%s\n", escnonprint (line)));
+
+ /* The last line of output is the one that begins with "ddd ". */
if (ISDIGIT (line[0]) && ISDIGIT (line[1]) && ISDIGIT (line[2])
&& line[3] == ' ')
{
- char *p = line + strlen (line);
- if (p > line && p[-1] == '\n')
- *--p = '\0';
- if (p > line && p[-1] == '\r')
- *--p = '\0';
strncpy (ftp_last_respline, line, sizeof (ftp_last_respline));
ftp_last_respline[sizeof (ftp_last_respline) - 1] = '\0';
*ret_line = line;
@@ -93,10 +99,31 @@ ftp_response (int fd, char **ret_line)
static char *
ftp_request (const char *command, const char *value)
{
- char *res = (char *)xmalloc (strlen (command)
- + (value ? (1 + strlen (value)) : 0)
- + 2 + 1);
- sprintf (res, "%s%s%s\r\n", command, value ? " " : "", value ? value : "");
+ char *res;
+ if (value)
+ {
+ /* Check for newlines in VALUE (possibly injected by the %0A URL
+ escape) making the callers inadvertently send multiple FTP
+ commands at once. Without this check an attacker could
+ intentionally redirect to ftp://server/fakedir%0Acommand.../
+ and execute arbitrary FTP command on a remote FTP server. */
+ if (strpbrk (value, "\r\n"))
+ {
+ /* Copy VALUE to the stack and modify CR/LF to space. */
+ char *defanged, *p;
+ STRDUP_ALLOCA (defanged, value);
+ for (p = defanged; *p; p++)
+ if (*p == '\r' || *p == '\n')
+ *p = ' ';
+ DEBUGP (("\nDetected newlines in %s \"%s\"; changing to %s \"%s\"\n",
+ command, escnonprint (value), command, escnonprint (defanged)));
+ /* Make VALUE point to the defanged copy of the string. */
+ value = defanged;
+ }
+ res = concat_strings (command, " ", value, "\r\n", (char *) 0);
+ }
+ else
+ res = concat_strings (command, "\r\n", (char *) 0);
if (opt.server_response)
{
/* Hack: don't print out password. */
@@ -122,10 +149,7 @@ ftp_login (int csock, const char *acc, const char *pass)
/* Get greeting. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -144,10 +168,7 @@ ftp_login (int csock, const char *acc, const char *pass)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
/* An unprobable possibility of logging without a password. */
if (*respline == '2')
{
@@ -160,7 +181,7 @@ ftp_login (int csock, const char *acc, const char *pass)
xfree (respline);
return FTPLOGREFUSED;
}
-#ifdef USE_OPIE
+#ifdef ENABLE_OPIE
{
static const char *skey_head[] = {
"331 s/key ",
@@ -197,7 +218,7 @@ ftp_login (int csock, const char *acc, const char *pass)
pass = skey_response (skey_sequence, seed, pass);
}
}
-#endif /* USE_OPIE */
+#endif /* ENABLE_OPIE */
xfree (respline);
/* Send PASS password. */
request = ftp_request ("PASS", pass);
@@ -211,10 +232,7 @@ ftp_login (int csock, const char *acc, const char *pass)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -231,13 +249,11 @@ ip_address_to_port_repr (const ip_address *addr, int port, char *buf,
{
unsigned char *ptr;
- assert (addr != NULL);
- assert (addr->type == IPV4_ADDRESS);
- assert (buf != NULL);
+ assert (addr->family == AF_INET);
/* buf must contain the argument of PORT (of the form a,b,c,d,e,f). */
assert (buflen >= 6 * 4);
- ptr = ADDRESS_IPV4_DATA (addr);
+ ptr = IP_INADDR_DATA (addr);
snprintf (buf, buflen, "%d,%d,%d,%d,%d,%d", ptr[0], ptr[1],
ptr[2], ptr[3], (port & 0xff00) >> 8, port & 0xff);
buf[buflen - 1] = '\0';
@@ -261,7 +277,7 @@ ftp_port (int csock, int *local_sock)
if (!socket_ip_address (csock, &addr, ENDPOINT_LOCAL))
return FTPSYSERR;
- assert (addr.type == IPV4_ADDRESS);
+ assert (addr.family == AF_INET);
/* Setting port to 0 lets the system choose a free port. */
port = 0;
@@ -289,7 +305,6 @@ ftp_port (int csock, int *local_sock)
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
@@ -308,32 +323,29 @@ static void
ip_address_to_lprt_repr (const ip_address *addr, int port, char *buf,
size_t buflen)
{
- unsigned char *ptr;
+ unsigned char *ptr = IP_INADDR_DATA (addr);
- assert (addr != NULL);
- assert (addr->type == IPV4_ADDRESS || addr->type == IPV6_ADDRESS);
- assert (buf != NULL);
/* buf must contain the argument of LPRT (of the form af,n,h1,h2,...,hn,p1,p2). */
assert (buflen >= 21 * 4);
/* Construct the argument of LPRT (of the form af,n,h1,h2,...,hn,p1,p2). */
- switch (addr->type)
- {
- case IPV4_ADDRESS:
- ptr = ADDRESS_IPV4_DATA (addr);
- snprintf (buf, buflen, "%d,%d,%d,%d,%d,%d,%d,%d,%d", 4, 4,
- ptr[0], ptr[1], ptr[2], ptr[3], 2,
- (port & 0xff00) >> 8, port & 0xff);
- buf[buflen - 1] = '\0';
- break;
- case IPV6_ADDRESS:
- ptr = ADDRESS_IPV6_DATA (addr);
- snprintf (buf, buflen, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
- 6, 16, ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5], ptr[6], ptr[7],
- ptr[8], ptr[9], ptr[10], ptr[11], ptr[12], ptr[13], ptr[14], ptr[15], 2,
- (port & 0xff00) >> 8, port & 0xff);
- buf[buflen - 1] = '\0';
- break;
+ switch (addr->family)
+ {
+ case AF_INET:
+ snprintf (buf, buflen, "%d,%d,%d,%d,%d,%d,%d,%d,%d", 4, 4,
+ ptr[0], ptr[1], ptr[2], ptr[3], 2,
+ (port & 0xff00) >> 8, port & 0xff);
+ break;
+ case AF_INET6:
+ snprintf (buf, buflen,
+ "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
+ 6, 16,
+ ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5], ptr[6], ptr[7],
+ ptr[8], ptr[9], ptr[10], ptr[11], ptr[12], ptr[13], ptr[14], ptr[15],
+ 2, (port & 0xff00) >> 8, port & 0xff);
+ break;
+ default:
+ abort ();
}
}
@@ -355,7 +367,7 @@ ftp_lprt (int csock, int *local_sock)
if (!socket_ip_address (csock, &addr, ENDPOINT_LOCAL))
return FTPSYSERR;
- assert (addr.type == IPV4_ADDRESS || addr.type == IPV6_ADDRESS);
+ assert (addr.family == AF_INET || addr.family == AF_INET6);
/* Setting port to 0 lets the system choose a free port. */
port = 0;
@@ -382,7 +394,6 @@ ftp_lprt (int csock, int *local_sock)
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
@@ -402,17 +413,14 @@ ip_address_to_eprt_repr (const ip_address *addr, int port, char *buf,
{
int afnum;
- assert (addr != NULL);
- assert (addr->type == IPV4_ADDRESS || addr->type == IPV6_ADDRESS);
- assert (buf != NULL);
/* buf must contain the argument of EPRT (of the form |af|addr|port|).
* 4 chars for the | separators, INET6_ADDRSTRLEN chars for addr
* 1 char for af (1-2) and 5 chars for port (0-65535) */
assert (buflen >= 4 + INET6_ADDRSTRLEN + 1 + 5);
/* Construct the argument of EPRT (of the form |af|addr|port|). */
- afnum = (addr->type == IPV4_ADDRESS ? 1 : 2);
- snprintf (buf, buflen, "|%d|%s|%d|", afnum, pretty_print_address (addr), port);
+ afnum = (addr->family == AF_INET ? 1 : 2);
+ snprintf (buf, buflen, "|%d|%s|%d|", afnum, print_address (addr), port);
buf[buflen - 1] = '\0';
}
@@ -428,7 +436,7 @@ ftp_eprt (int csock, int *local_sock)
int nwritten;
int port;
/* Must contain the argument of EPRT (of the form |af|addr|port|).
- * 4 chars for the | separators, ENABLE_IPV6_ADDRSTRLEN chars for addr
+ * 4 chars for the | separators, INET6_ADDRSTRLEN chars for addr
* 1 char for af (1-2) and 5 chars for port (0-65535) */
char bytes[4 + INET6_ADDRSTRLEN + 1 + 5 + 1];
@@ -436,8 +444,6 @@ ftp_eprt (int csock, int *local_sock)
if (!socket_ip_address (csock, &addr, ENDPOINT_LOCAL))
return FTPSYSERR;
- assert (addr.type == IPV4_ADDRESS || addr.type == IPV6_ADDRESS);
-
/* Setting port to 0 lets the system choose a free port. */
port = 0;
@@ -446,7 +452,7 @@ ftp_eprt (int csock, int *local_sock)
if (*local_sock < 0)
return FTPSYSERR;
- /* Construct the argument of LPRT (of the form af,n,h1,h2,...,hn,p1,p2). */
+ /* Construct the argument of EPRT (of the form |af|addr|port|). */
ip_address_to_eprt_repr (&addr, port, bytes, sizeof (bytes));
/* Send PORT request. */
@@ -463,7 +469,6 @@ ftp_eprt (int csock, int *local_sock)
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
fd_close (*local_sock);
return err;
}
@@ -492,7 +497,7 @@ ftp_pasv (int csock, ip_address *addr, int *port)
assert (addr != NULL);
assert (port != NULL);
- memset (addr, 0, sizeof (ip_address));
+ xzero (*addr);
/* Form the request. */
request = ftp_request ("PASV", NULL);
@@ -507,10 +512,7 @@ ftp_pasv (int csock, ip_address *addr, int *port)
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -518,7 +520,8 @@ ftp_pasv (int csock, ip_address *addr, int *port)
}
/* Parse the request. */
s = respline;
- for (s += 4; *s && !ISDIGIT (*s); s++);
+ for (s += 4; *s && !ISDIGIT (*s); s++)
+ ;
if (!*s)
return FTPINVPASV;
for (i = 0; i < 6; i++)
@@ -537,8 +540,8 @@ ftp_pasv (int csock, ip_address *addr, int *port)
}
xfree (respline);
- addr->type = IPV4_ADDRESS;
- memcpy (ADDRESS_IPV4_DATA (addr), tmp, 4);
+ addr->family = AF_INET;
+ memcpy (IP_INADDR_DATA (addr), tmp, 4);
*port = ((tmp[4] << 8) & 0xff00) + tmp[5];
return FTPOK;
@@ -560,7 +563,7 @@ ftp_lpsv (int csock, ip_address *addr, int *port)
assert (addr != NULL);
assert (port != NULL);
- memset (addr, 0, sizeof (ip_address));
+ xzero (*addr);
/* Form the request. */
request = ftp_request ("LPSV", NULL);
@@ -577,10 +580,7 @@ ftp_lpsv (int csock, ip_address *addr, int *port)
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -589,7 +589,8 @@ ftp_lpsv (int csock, ip_address *addr, int *port)
/* Parse the response. */
s = respline;
- for (s += 4; *s && !ISDIGIT (*s); s++);
+ for (s += 4; *s && !ISDIGIT (*s); s++)
+ ;
if (!*s)
return FTPINVPASV;
@@ -685,10 +686,10 @@ ftp_lpsv (int csock, ip_address *addr, int *port)
if (af == 4)
{
- addr->type = IPV4_ADDRESS;
- memcpy (ADDRESS_IPV4_DATA (addr), tmp, 4);
+ addr->family = AF_INET;
+ memcpy (IP_INADDR_DATA (addr), tmp, 4);
*port = ((tmpprt[0] << 8) & 0xff00) + tmpprt[1];
- DEBUGP (("lpsv addr is: %s\n", pretty_print_address(addr)));
+ DEBUGP (("lpsv addr is: %s\n", print_address(addr)));
DEBUGP (("tmpprt[0] is: %d\n", tmpprt[0]));
DEBUGP (("tmpprt[1] is: %d\n", tmpprt[1]));
DEBUGP (("*port is: %d\n", *port));
@@ -696,10 +697,10 @@ ftp_lpsv (int csock, ip_address *addr, int *port)
else
{
assert (af == 6);
- addr->type = IPV6_ADDRESS;
- memcpy (ADDRESS_IPV6_DATA (addr), tmp, 16);
+ addr->family = AF_INET6;
+ memcpy (IP_INADDR_DATA (addr), tmp, 16);
*port = ((tmpprt[0] << 8) & 0xff00) + tmpprt[1];
- DEBUGP (("lpsv addr is: %s\n", pretty_print_address(addr)));
+ DEBUGP (("lpsv addr is: %s\n", print_address(addr)));
DEBUGP (("tmpprt[0] is: %d\n", tmpprt[0]));
DEBUGP (("tmpprt[1] is: %d\n", tmpprt[1]));
DEBUGP (("*port is: %d\n", *port));
@@ -728,7 +729,7 @@ ftp_epsv (int csock, ip_address *ip, int *port)
/* Form the request. */
/* EPSV 1 means that we ask for IPv4 and EPSV 2 means that we ask for IPv6. */
- request = ftp_request ("EPSV", (ip->type == IPV4_ADDRESS ? "1" : "2"));
+ request = ftp_request ("EPSV", (ip->family == AF_INET ? "1" : "2"));
/* And send it. */
nwritten = fd_write (csock, request, strlen (request), -1);
@@ -742,10 +743,7 @@ ftp_epsv (int csock, ip_address *ip, int *port)
/* Get the server response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -841,10 +839,7 @@ ftp_type (int csock, int type)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '2')
{
xfree (respline);
@@ -876,10 +871,7 @@ ftp_cwd (int csock, const char *dir)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
@@ -897,15 +889,13 @@ ftp_cwd (int csock, const char *dir)
/* Sends REST command to the FTP server. */
uerr_t
-ftp_rest (int csock, long offset)
+ftp_rest (int csock, wgint offset)
{
char *request, *respline;
int nwritten;
uerr_t err;
- static char numbuf[24]; /* Buffer for the number */
- number_to_string (numbuf, offset);
- request = ftp_request ("REST", numbuf);
+ request = ftp_request ("REST", number_to_static_string (offset));
nwritten = fd_write (csock, request, strlen (request), -1);
if (nwritten < 0)
{
@@ -916,10 +906,7 @@ ftp_rest (int csock, long offset)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline != '3')
{
xfree (respline);
@@ -950,10 +937,7 @@ ftp_retr (int csock, const char *file)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
@@ -977,36 +961,45 @@ ftp_list (int csock, const char *file)
char *request, *respline;
int nwritten;
uerr_t err;
-
- /* Send LIST request. */
- request = ftp_request ("LIST", file);
- nwritten = fd_write (csock, request, strlen (request), -1);
- if (nwritten < 0)
- {
- xfree (request);
- return WRITEFAILED;
- }
- xfree (request);
- /* Get appropriate respone. */
- err = ftp_response (csock, &respline);
- if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
- if (*respline == '5')
- {
- xfree (respline);
- return FTPNSFOD;
- }
- if (*respline != '1')
- {
- xfree (respline);
- return FTPRERR;
- }
- xfree (respline);
- /* All OK. */
- return FTPOK;
+ bool ok = false;
+ int i = 0;
+ /* Try `LIST -a' first and revert to `LIST' in case of failure. */
+ const char *list_commands[] = { "LIST -a",
+ "LIST" };
+
+ do {
+ /* Send request. */
+ request = ftp_request (list_commands[i], file);
+ nwritten = fd_write (csock, request, strlen (request), -1);
+ if (nwritten < 0)
+ {
+ xfree (request);
+ return WRITEFAILED;
+ }
+ xfree (request);
+ /* Get appropriate response. */
+ err = ftp_response (csock, &respline);
+ if (err == FTPOK)
+ {
+ if (*respline == '5')
+ {
+ err = FTPNSFOD;
+ }
+ else if (*respline == '1')
+ {
+ err = FTPOK;
+ ok = true;
+ }
+ else
+ {
+ err = FTPRERR;
+ }
+ xfree (respline);
+ }
+ ++i;
+ } while (i < countof (list_commands) && !ok);
+
+ return err;
}
/* Sends the SYST command to the server. */
@@ -1030,10 +1023,7 @@ ftp_syst (int csock, enum stype *server_type)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
xfree (respline);
@@ -1047,7 +1037,9 @@ ftp_syst (int csock, enum stype *server_type)
first word of the server response)? */
request = strtok (NULL, " ");
- if (!strcasecmp (request, "VMS"))
+ if (request == NULL)
+ *server_type = ST_OTHER;
+ else if (!strcasecmp (request, "VMS"))
*server_type = ST_VMS;
else if (!strcasecmp (request, "UNIX"))
*server_type = ST_UNIX;
@@ -1086,12 +1078,10 @@ ftp_pwd (int csock, char **pwd)
/* Get appropriate response. */
err = ftp_response (csock, &respline);
if (err != FTPOK)
- {
- xfree (respline);
- return err;
- }
+ return err;
if (*respline == '5')
{
+ err:
xfree (respline);
return FTPSRVERR;
}
@@ -1100,6 +1090,10 @@ ftp_pwd (int csock, char **pwd)
and everything following it. */
strtok (respline, "\"");
request = strtok (NULL, "\"");
+ if (!request)
+ /* Treat the malformed response as an error, which the caller has
+ to handle gracefully anyway. */
+ goto err;
/* Has the `pwd' been already allocated? Free! */
xfree_null (*pwd);
@@ -1114,7 +1108,7 @@ ftp_pwd (int csock, char **pwd)
/* Sends the SIZE command to the server, and returns the value in 'size'.
* If an error occurs, size is set to zero. */
uerr_t
-ftp_size (int csock, const char *file, long int *size)
+ftp_size (int csock, const char *file, wgint *size)
{
char *request, *respline;
int nwritten;
@@ -1134,7 +1128,6 @@ ftp_size (int csock, const char *file, long int *size)
err = ftp_response (csock, &respline);
if (err != FTPOK)
{
- xfree (respline);
*size = 0;
return err;
}
@@ -1150,8 +1143,8 @@ ftp_size (int csock, const char *file, long int *size)
}
errno = 0;
- *size = strtol (respline + 4, NULL, 0);
- if (errno)
+ *size = str_to_wgint (respline + 4, NULL, 10);
+ if (errno)
{
/*
* Couldn't parse the response for some reason. On the (few)