ftpd: fix command fetching to not do it in 1-byte reads;

fix command de-escaping. Tested to download files with embeeded \xff and LF. libbb: tweaks for the above function old new delta ftpd_main 2231 2321 +90 xmalloc_fgets_internal 190 222 +32 xmalloc_fgets_str_len - 27 +27 xmalloc_fgets_str 7 23 +16 xmalloc_fgetline_str 10 26 +16 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/0 up/down: 181/0) Total: 181 bytes
author: Denis Vlasenko <vda.linux@googlemail.com> 2009-03-18 17:32:44 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2009-03-18 17:32:44 +0000
commit: 9f57cf6604638f14390effa01b51c8ad979f14cd (patch)
tree: 713ecefd47867bb5d2b16c4ae3e5acd28c1c90e3 /networking/ftpd.c
parent: fce4a9454c5399c2ce8ca8e87048331c6e3d98fa (diff)
download: busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.tar.gz
busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.tar.bz2
busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.zip
1 files changed, 51 insertions, 14 deletions
diff --git a/networking/ftpd.c b/networking/ftpd.c
index 6630db710..39a4d1869 100644
--- a/networking/ftpd.c
+++ b/networking/ftpd.c
@@ -972,23 +972,60 @@ cmdio_get_cmd_and_arg(void)
        free(G.ftp_cmd);
        len = 8 * 1024; /* Paranoia. Peer may send 1 gigabyte long cmd... */
-        G.ftp_cmd = cmd = xmalloc_reads(STDIN_FILENO, NULL, &len);
+        G.ftp_cmd = cmd = xmalloc_fgets_str_len(stdin, "\r\n", &len);
        if (!cmd)
                exit(0);
-/* TODO: de-escape telnet here: 0xff,0xff => 0xff */
+        /* De-escape telnet: 0xff,0xff => 0xff */
-/* RFC959 says that ABOR, STAT, QUIT may be sent even during
+        /* RFC959 says that ABOR, STAT, QUIT may be sent even during
- * data transfer, and may be preceded by telnet's "Interrupt Process"
+         * data transfer, and may be preceded by telnet's "Interrupt Process"
- * code (two-byte sequence 255,244) and then by telnet "Synch" code
+         * code (two-byte sequence 255,244) and then by telnet "Synch" code
- * 255,242 (byte 242 is sent with TCP URG bit using send(MSG_OOB)
+         * 255,242 (byte 242 is sent with TCP URG bit using send(MSG_OOB)
- * and may generate SIGURG on our side. See RFC854).
+         * and may generate SIGURG on our side. See RFC854).
- * So far we don't support that (may install SIGURG handler if we'd want to),
+         * So far we don't support that (may install SIGURG handler if we'd want to),
- * but we need to at least remove 255,xxx pairs. lftp sends those. */
+         * but we need to at least remove 255,xxx pairs. lftp sends those. */
+        /* Then de-escape FTP: NUL => '\n' */
-        /* Trailing '\n' is already stripped, strip '\r' */
+        /* Testing for \xff:
-        len = strlen(cmd) - 1;
+         * Create file named '\xff': echo Hello >`echo -ne "\xff"`
-        if ((ssize_t)len >= 0 && cmd[len] == '\r')
+         * Try to get it:            ftpget -v 127.0.0.1 Eff `echo -ne "\xff\xff"`
-                cmd[len--] = '\0';
+         * (need "\xff\xff" until ftpget applet is fixed to do escaping :)
+         * Testing for embedded LF:
+         * LF_HERE=`echo -ne "LF\nHERE"`
+         * echo Hello >"$LF_HERE"
+         * ftpget -v 127.0.0.1 LF_HERE "$LF_HERE"
+         */
+        {
+                int dst, src;
+                /* Strip "\r\n" if it is there */
+                if (len != 0 && cmd[len - 1] == '\n') {
+                        len--;
+                        if (len != 0 && cmd[len - 1] == '\r')
+                                len--;
+                        cmd[len] = '\0';
+                }
+                src = strchrnul(cmd, 0xff) - cmd;
+                /* 99,99% there are neither NULs nor 255s and src == len */
+                if (src < len) {
+                        dst = src;
+                        do {
+                                if ((unsigned char)(cmd[src]) == 255) {
+                                        src++;
+                                        /* 255,xxx - skip 255 */
+                                        if ((unsigned char)(cmd[src]) != 255) {
+                                                /* 255,!255 - skip both */
+                                                src++;
+                                                continue;
+                                        }
+                                        /* 255,255 - retain one 255 */
+                                }
+                                /* NUL => '\n' */
+                                cmd[dst++] = cmd[src] ? cmd[src] : '\n';
+                                src++;
+                        } while (src < len);
+                        cmd[dst] = '\0';
+                }
+        }
        if (G.verbose > 1)
                verbose_log(cmd);
author	Denis Vlasenko <vda.linux@googlemail.com>	2009-03-18 17:32:44 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2009-03-18 17:32:44 +0000
commit	9f57cf6604638f14390effa01b51c8ad979f14cd (patch)
tree	713ecefd47867bb5d2b16c4ae3e5acd28c1c90e3 /networking/ftpd.c
parent	fce4a9454c5399c2ce8ca8e87048331c6e3d98fa (diff)
download	busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.tar.gz busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.tar.bz2 busybox-w32-9f57cf6604638f14390effa01b51c8ad979f14cd.zip

diff --git a/networking/ftpd.c b/networking/ftpd.c index 6630db710..39a4d1869 100644 --- a/networking/ftpd.c +++ b/networking/ftpd.c
@@ -972,23 +972,60 @@ cmdio_get_cmd_and_arg(void)
972		972
973	free(G.ftp_cmd);	973	free(G.ftp_cmd);
974	len = 8 * 1024; /* Paranoia. Peer may send 1 gigabyte long cmd... */	974	len = 8 * 1024; /* Paranoia. Peer may send 1 gigabyte long cmd... */
975	G.ftp_cmd = cmd = xmalloc_reads(STDIN_FILENO, NULL, &len);	975	G.ftp_cmd = cmd = xmalloc_fgets_str_len(stdin, "\r\n", &len);
976	if (!cmd)	976	if (!cmd)
977	exit(0);	977	exit(0);
978		978
979	/* TODO: de-escape telnet here: 0xff,0xff => 0xff */	979	/* De-escape telnet: 0xff,0xff => 0xff */
980	/* RFC959 says that ABOR, STAT, QUIT may be sent even during	980	/* RFC959 says that ABOR, STAT, QUIT may be sent even during
981	* data transfer, and may be preceded by telnet's "Interrupt Process"	981	* data transfer, and may be preceded by telnet's "Interrupt Process"
982	* code (two-byte sequence 255,244) and then by telnet "Synch" code	982	* code (two-byte sequence 255,244) and then by telnet "Synch" code
983	* 255,242 (byte 242 is sent with TCP URG bit using send(MSG_OOB)	983	* 255,242 (byte 242 is sent with TCP URG bit using send(MSG_OOB)
984	* and may generate SIGURG on our side. See RFC854).	984	* and may generate SIGURG on our side. See RFC854).
985	* So far we don't support that (may install SIGURG handler if we'd want to),	985	* So far we don't support that (may install SIGURG handler if we'd want to),
986	* but we need to at least remove 255,xxx pairs. lftp sends those. */	986	* but we need to at least remove 255,xxx pairs. lftp sends those. */
987		987	/* Then de-escape FTP: NUL => '\n' */
988	/* Trailing '\n' is already stripped, strip '\r' */	988	/* Testing for \xff:
989	len = strlen(cmd) - 1;	989	* Create file named '\xff': echo Hello >`echo -ne "\xff"`
990	if ((ssize_t)len >= 0 && cmd[len] == '\r')	990	* Try to get it: ftpget -v 127.0.0.1 Eff `echo -ne "\xff\xff"`
991	cmd[len--] = '\0';	991	* (need "\xff\xff" until ftpget applet is fixed to do escaping :)
		992	* Testing for embedded LF:
		993	* LF_HERE=`echo -ne "LF\nHERE"`
		994	* echo Hello >"$LF_HERE"
		995	* ftpget -v 127.0.0.1 LF_HERE "$LF_HERE"
		996	*/
		997	{
		998	int dst, src;
		999
		1000	/* Strip "\r\n" if it is there */
		1001	if (len != 0 && cmd[len - 1] == '\n') {
		1002	len--;
		1003	if (len != 0 && cmd[len - 1] == '\r')
		1004	len--;
		1005	cmd[len] = '\0';
		1006	}
		1007	src = strchrnul(cmd, 0xff) - cmd;
		1008	/* 99,99% there are neither NULs nor 255s and src == len */
		1009	if (src < len) {
		1010	dst = src;
		1011	do {
		1012	if ((unsigned char)(cmd[src]) == 255) {
		1013	src++;
		1014	/* 255,xxx - skip 255 */
		1015	if ((unsigned char)(cmd[src]) != 255) {
		1016	/* 255,!255 - skip both */
		1017	src++;
		1018	continue;
		1019	}
		1020	/* 255,255 - retain one 255 */
		1021	}
		1022	/* NUL => '\n' */
		1023	cmd[dst++] = cmd[src] ? cmd[src] : '\n';
		1024	src++;
		1025	} while (src < len);
		1026	cmd[dst] = '\0';
		1027	}
		1028	}
992		1029
993	if (G.verbose > 1)	1030	if (G.verbose > 1)
994	verbose_log(cmd);	1031	verbose_log(cmd);