summaryrefslogtreecommitdiff
path: root/lib/ftp.c
Commit message (Collapse)AuthorAgeFilesLines
* ftp: make the MKD retry to retry once per directoryRoger Young2021-11-081-5/+6
| | | | | | Reported-by: Roger Young Fixes #7967 Closes #7976
* ftp,imap,pop3,smtp: reject STARTTLS server response pipeliningPatrick Monnerat2021-09-131-0/+3
| | | | | | | | | | | | | If a server pipelines future responses within the STARTTLS response, the former are preserved in the pingpong cache across TLS negotiation and used as responses to the encrypted commands. This fix detects pipelined STARTTLS responses and rejects them with an error. CVE-2021-22947 Bug: https://curl.se/docs/CVE-2021-22947.html
* ftp,imap,pop3: do not ignore --ssl-reqdPatrick Monnerat2021-09-131-3/+6
| | | | | | | | | | | | In imap and pop3, check if TLS is required even when capabilities request has failed. In ftp, ignore preauthentication (230 status of server greeting) if TLS is required. Bug: https://curl.se/docs/CVE-2021-22946.html CVE-2021-22946
* Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"Jonathan Wernberg2021-07-081-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The reverted commit introduced a logic error in code that was correct. The client using libcurl would notice the error since FTP file uploads in active transfer mode would somtimes complete with success despite no transfer having been performed and the "uploaded" file thus not being on the remote server afterwards. The FTP server would notice the error because it receives a RST on the data connection it has established with the client before any data was transferred at all. The logic error happens if the STOR response from the server have arrived by the time ftp_multi_statemach() in the affected code path is called, but the incoming data connection have not arrived yet. In that case, the processing of the STOR response will cause 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment in the code. Since 'complete' will also be set, later logic would believe the transfer was done. In most cases, the STOR response will not have arrived yet when the affected code path is executed, or the incoming connection will also have arrived, and thus the error would not express itself. But if the speed difference of the device using libcurl and the FTP server is exactly right, the error may happen as often as in one out of hundred file transfers. This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab. Bug: https://curl.se/mail/lib-2021-07/0025.html Closes #7362
* infof: remove newline from format strings, always append itDaniel Stenberg2021-07-071-50/+50
| | | | | | | | | | | | | | | | - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
* conn: add 'attach' to protocol handler, make libssh2 use itDaniel Stenberg2021-05-171-0/+2
| | | | | | | | | | | The libssh2 backend has SSH session associated with the connection but the callback context is the easy handle, so when a connection gets attached to a transfer, the protocol handler now allows for a custom function to get used to set things up correctly. Reported-by: Michael O'Farrell Fixes #6898 Closes #7078
* lib: remove strlen call from Curl_client_writeJacob Hoffman-Andrews2021-04-291-5/+8
| | | | | | | At all call sites with an explicit 0 len, pass an appropriate nonzero len. Closes #6954
* tidy-up: make conditional checks more consistentDaniel Stenberg2021-04-221-1/+1
| | | | | | ... remove '== NULL' and '!= 0' Closes #6912
* ftp: fix memory leak in ftp_doneDaniel Stenberg2021-03-121-1/+3
| | | | | | | | | If after a transfer is complete Curl_GetFTPResponse() returns an error, curl would not free the ftp->pathalloc block. Found by torture-testing test 576 Closes #6737
* FTP: allow SIZE to fail when doing (resumed) uploadDaniel Stenberg2021-03-111-2/+6
| | | | | | | | | Added test 362 to verify. Reported-by: Jordan Brown Regression since 7ea2e1d0c5a7f (7.73.0) Fixes #6715 Closes #6725
* ftp: fix Codacy/cppcheck warning about null pointer arithmeticMarcel Raad2021-02-101-1/+2
| | | | | | Increment `bytes` only if it is non-null. Closes https://github.com/curl/curl/pull/6576
* ftp: add 'list_only' to the transfer state structDaniel Stenberg2021-02-091-4/+4
| | | | | | | | | and rename it from 'ftp_list_only' since it is also used for SSH and POP3. The state is updated internally for 'type=D' FTP URLs. Added test case 1570 to verify. Closes #6578
* ftp: add 'prefer_ascii' to the transfer state structDaniel Stenberg2021-02-091-9/+10
| | | | | | | | | | | ... and make sure the code never updates 'set.prefer_ascii' as it breaks handle reuse which should use the setting as the user specified it. Added test 1569 to verify: it first makes an FTP transfer with ';type=A' and then another without type on the same handle and the second should then use binary. Previously, curl failed this. Closes #6578
* ftp: never set data->set.ftp_append outside setoptDaniel Stenberg2021-02-081-3/+3
| | | | | | | | | | Since the set value then risks getting used like that when the easy handle is reused by the application. Also: renamed the struct field from 'ftp_append' to 'remote_append' since it is also used for SSH protocols. Closes #6579
* ftp: avoid SIZE when asking for a TYPE A fileDaniel Stenberg2021-02-041-7/+13
| | | | | | | | | | | ... as we ignore it anyway because servers don't report the correct size and proftpd even blatantly returns a 550. Updates a set of tests accordingly. Reported-by: awesomenode on github Fixes #6564 Closes #6565
* pingpong: rename the curl_pp_transfer enum to use PP prefixDaniel Stenberg2021-02-041-19/+19
| | | | Using an FTP prefix for PP provided functionality was misleading.
* urldata: remove the duplicate 'ip_addr_str' fieldDaniel Stenberg2021-01-271-1/+1
| | | | | | ... as the numerical IP address is already stored and kept in 'primary_ip'. Closes #6534
* lib: remove conn->data usesPatrick Monnerat2021-01-261-4/+4
| | | | Closes #6515
* pingpong: remove the 'conn' struct memberDaniel Stenberg2021-01-261-3/+2
| | | | | | | ... as it's superfluous now when Curl_easy is passed in and we can derive the connection from that instead and avoid the duplicate copy. Closes #6525
* hostip/proxy: remove conn->data useDaniel Stenberg2021-01-261-2/+2
| | | | Closes #6513
* hostip: remove conn->data from resolver functionsDaniel Stenberg2021-01-221-6/+6
| | | | | | | This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
* ftp: remove conn->data leftoverDaniel Stenberg2021-01-201-1/+1
|
* curl_range: remove conn->dataDaniel Stenberg2021-01-201-1/+1
| | | | Closes #6496
* lib: more conn->data cleanupsDaniel Stenberg2021-01-191-2/+2
| | | | Closes #6479
* vtls: reduce conn->data usePatrick Monnerat2021-01-191-5/+5
| | | | Closes #6474
* lib: pass in 'struct Curl_easy *' to most functionsDaniel Stenberg2021-01-171-422/+455
| | | | | | | | | | | | | | | | | | | | | ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
* failf: remove newline from formatting stringsDaniel Stenberg2020-12-251-1/+1
| | | | | | | | | ... as failf adds one itself. Also: add an assert() to failf() that triggers on a newline in the format string! Closes #6365
* ftp: make wc_statemach loop instead of recurseDaniel Stenberg2020-12-071-100/+102
| | | | | | | | CVE-2020-8285 Fixes #6255 Bug: https://curl.se/docs/CVE-2020-8285.html Reported-by: xnynx on github
* ftp: retry getpeername for FTP with TCP_FASTOPENKlaus Crusius2020-12-061-0/+11
| | | | | | | | | | | | In the case of TFO, the remote host name is not resolved at the connetion time. For FTP that has lead to missing hostname for the secondary connection. Therefore the name resolution is done at the time, when FTP requires it. Fixes #6252 Closes #6265 Closes #6282
* urldata: remove 'void *protop' and create the union 'p'Daniel Stenberg2020-11-231-18/+18
| | | | | | | ... to avoid the use of 'void *' for the protocol specific structs done per transfer. Closes #6238
* curl.se: new homeDaniel Stenberg2020-11-041-1/+1
| | | | Closes #6172
* checksrc: warn on empty line before open braceDaniel Stenberg2020-10-151-1/+0
| | | | | | ... and fix a few occurances Closes #6088
* ftp: make a 552 response return CURLE_REMOTE_DISK_FULLDaniel Stenberg2020-09-261-1/+10
| | | | | | | | | Added test 348 to verify. Added a 'STOR' command to the test FTP server to enable test 348. Documented the command in FILEFORMAT.md Reported-by: Duncan Wilcox Fixes #6016 Closes #6017
* ftp: separate FTPS from FTP over "HTTPS proxy"Daniel Stenberg2020-09-241-10/+6
| | | | | | | | | | When using HTTPS proxy, SSL is used but not in the view of the FTP protocol handler itself so separate the connection's use of SSL from the FTP control connection's sue. Reported-by: Mingtao Yang Fixes #5523 Closes #6006
* pingpong: use a dynbuf for the *_pp_sendf() functionDaniel Stenberg2020-09-231-0/+1
| | | | | | | | | | | | | | ... reuses the same dynamic buffer instead of doing repeated malloc/free cycles. Test case 100 (FTP dir list PASV) does 7 fewer memory allocation calls after this change in my test setup (132 => 125), curl 7.72.0 needed 140 calls for this. Test case 103 makes 9 less allocations now (130). Down from 149 in 7.72.0. Closes #6004
* curl_krb5.h: rename from krb5.hDaniel Stenberg2020-09-221-1/+1
| | | | | | | | | Follow-up from f4873ebd0be32cf Turns out some older openssl installations go bananas otherwise. Reported-by: Tom van der Woerdt Fixes #5995 Closes #5996
* krb5: merged security.c and krb specific FTP functions in hereDaniel Stenberg2020-09-211-70/+4
| | | | | | | | | | | These two files were always tightly connected and it was hard to understand what went into which. This also allows us to make the ftpsend() function static (moved from ftp.c). Removed security.c Renamed curl_sec.h to krb5.h Closes #5987
* Curl_handler: add 'family' to each protocolDaniel Stenberg2020-09-211-0/+2
| | | | | | | Makes get_protocol_family() faster and it moves the knowledge about the "families" to each protocol handler, where it belongs. Closes #5986
* ftp: avoid risk of reading uninitialized integersDaniel Stenberg2020-09-181-2/+2
| | | | | | | | | If the received PASV response doesn't match the expected pattern, we could end up reading uninitialized integers for IP address and port number. Issue pointed out by muse.dev Closes #5972
* ftp: get rid of the PPSENDF macroDaniel Stenberg2020-09-181-156/+150
| | | | | | | The use of such a macro hides some of what's actually going on to the reader and is generally disapproved of in the project. Closes #5971
* ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUNDDaniel Stenberg2020-09-141-1/+5
| | | | | | | | | | | | | | | | | | | | This is primarily interesting for cases where CURLOPT_NOBODY is set as previously curl would not return an error for this case. MDTM getting 550 now also returns this error (it returned CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for missing files across protocols and specific FTP commands. libcurl already returns error on a 550 as a MDTM response (when CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would happen subsequently anyway since the RETR command would fail. Add test 1913 and 1914 to verify. Updated several tests accordingly due to the updated SIZE behavior. Reported-by: Tomas Berger Fixes #5953 Closes #5957
* ftp: don't do ssl_shutdown instead of ssl_closeDaniel Stenberg2020-08-101-3/+3
| | | | | | | | | | | | | The shutdown function is for downgrading a connection from TLS to plain, and this is not requested here. Have ssl_close reset the TLS connection state. This partially reverts commit f002c850d98d Reported-by: Rasmus Melchior Jacobsen Reported-by: Denis Goleshchikhin Fixes #5797
* terminology: call them null-terminated stringsDaniel Stenberg2020-06-281-2/+2
| | | | | | | | | | | Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608
* escape: make the URL decode able to reject only %00 bytesDaniel Stenberg2020-06-251-3/+4
| | | | | | ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
* Curl_inet_ntop: always check the return codeDaniel Stenberg2020-06-241-2/+5
| | | | | | Reported-by: Siva Sivaraman Fixes #5412 Closes #5597
* build: disable more code/data when built without proxy supportDaniel Stenberg2020-05-301-7/+21
| | | | | | Added build to travis to verify Closes #5466
* timeouts: change millisecond timeouts to timediff_t from time_tDaniel Stenberg2020-05-301-3/+3
| | | | | | | For millisecond timers we like timediff_t better. Also, time_t can be unsigned so returning a negative value doesn't work then. Closes #5479
* urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg2020-05-271-2/+1
| | | | | | And remove a few unused booleans! Closes #5461
* cleanup: use a single space after equals sign in assignmentsDaniel Stenberg2020-05-261-1/+1
|
* all: fix codespell errorsViktor Szakats2020-05-251-1/+1
| | | | | | Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
View Lorry Controller Status