summaryrefslogtreecommitdiff
path: root/lib/ftp.c
Commit message (Collapse)AuthorAgeFilesLines
* snprintf: renamed and we now only use msnprintf()Daniel Stenberg2018-11-231-15/+15
| | | | | | | | | | | The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
* memory: ensure to check allocation resultsDaniel Gustafsson2018-10-031-1/+3
| | | | | | | | | | | | | | | | The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* ftp: don't access pointer before NULL checkDaniel Stenberg2018-09-231-2/+1
| | | | | | Detected by Coverity. CID 1439611. Follow-up from 46e164069d1a523
* url: use the URL API internally as wellDaniel Stenberg2018-09-221-17/+18
| | | | | | ... to make it a truly unified URL parser. Closes #3017
* ftp: include command in Curl_ftpsend sendbufferDaniel Gustafsson2018-09-131-1/+5
| | | | | | | | | | Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed the actual command to be sent from the send buffer in a refactoring. Add back copying the command into the buffer. Also add more guards against malformed input while at it. Closes #2985 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* Curl_debug: remove dead printhost codeDaniel Stenberg2018-06-121-2/+1
| | | | | | | | | The struct field is never set (since 5e0d9aea3) so remove the use of it and remove the connectdata pointer from the prototype. Reported-by: Tejas Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html Closes #2647
* cppcheck: fix warningsMarian Klymov2018-06-111-7/+6
| | | | | | | | | | | | | - Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
* lib: Fix format specifiersRikard Falkeborn2018-05-141-2/+2
|
* ftplistparser: keep state between invokesDaniel Stenberg2018-04-241-17/+21
| | | | | | | | | | Fixes FTP wildcard parsing when done over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2526
* Revert "ftplistparser: keep state between invokes"Daniel Stenberg2018-04-241-21/+16
| | | | | | This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. Caused fuzzer problems on travis not seen when this was a PR!
* ftplistparser: keep state between invokesDaniel Stenberg2018-04-231-16/+21
| | | | | | | | | | Fixes FTP wildcard parsing when doing over a number of read buffers. Regression from f786d1f14 Reported-by: wncboy on github Fixes #2445 Closes #2519
* ftplistparser: renamed some members and variablesDaniel Stenberg2018-04-231-30/+30
| | | | ... to make them better spell out what they're for.
* FTP: allow PASV on IPv6 connections when a proxy is being usedLaurie Clark-Michalek2018-04-061-1/+1
| | | | | | | | | | | | In the situation of a client connecting to an FTP server using an IPv6 tunnel proxy, the connection info will indicate that the connection is IPv6. However, because the server behing the proxy is IPv4, it is permissable to attempt PSV mode. In the case of the FTP server being IPv4 only, EPSV will always fail, and with the current logic curl will be unable to connect to the server, as the IPv6 fwdproxy causes curl to think that EPSV is impossible. Closes #2432
* FTP: fix typo in recursive callback detection for seekingdasimx2018-03-141-1/+1
| | | | Fixes #2380
* FTP: reject path components with control codesDaniel Stenberg2018-03-121-4/+4
| | | | | | | | | | | | | | | Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
* spelling fixesViktor Szakats2018-02-231-1/+1
| | | | | | | | Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
* TODO fixed: Detect when called from within callbacksBjörn Stenberg2018-02-151-2/+14
| | | | Closes #2302
* time_t-fixes: remove typecasts to 'long' for info.filetimeDaniel Stenberg2018-02-011-3/+3
| | | | | | | | They're now wrong. Reported-by: Michael Kaufmann Closes #2277
* Curl_range: commonize FTP and FILE range handlingMax Dymond2018-01-301-57/+8
| | | | Closes #2205
* Curl_timeleft: change return type to timediff_tDaniel Stenberg2017-10-281-3/+3
| | | | | | | | returning 'time_t' is problematic when that type is unsigned and we return values less than zero to signal "already expired", used in several places in the code. Closes #2021
* wildcards: don't use with non-supported protocolsMax Dymond2017-10-261-4/+5
| | | | | | Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
* time: rename Curl_tvnow to Curl_nowDaniel Stenberg2017-10-251-3/+3
| | | | | | | | | | ... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
* timediff: return timediff_t from the time diff functionsDaniel Stenberg2017-10-251-1/+1
| | | | | | | | | | | | | | | ... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
* ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg2017-10-201-4/+5
| | | | | | | | | | ... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
* FTP: URL decode path for dir listing in nocwd modeDaniel Stenberg2017-10-101-12/+9
| | | | | | | | Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
* ftp: UBsan fixup 'pointer index expression overflowed'Daniel Stenberg2017-10-041-2/+2
| | | | Closes #1939
* FTP: zero terminate the entry path even on bad inputDaniel Stenberg2017-10-021-2/+5
| | | | | | | | | | ... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
* code style: remove wrong uses of multiple spacesDaniel Stenberg2017-09-121-1/+1
| | | | Closes #1878
* code style: use spaces around plusesDaniel Stenberg2017-09-111-6/+6
|
* code style: use spaces around equals signsDaniel Stenberg2017-09-111-56/+55
|
* ftp: fix CWD when doing multicwd then nocwd on same connectionDaniel Stenberg2017-08-171-1/+3
| | | | | | Fixes #1782 Closes #1787 Reported-by: Peter Lamare
* strtoofft: reduce integer overflow risks globallyDaniel Stenberg2017-08-141-15/+18
| | | | | | | ... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
* FTP: skip unnecessary CWD when in nocwd modeDaniel Stenberg2017-08-041-10/+13
| | | | | | ... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
* timeval: struct curltime is a struct timeval replacementDaniel Stenberg2017-07-281-1/+1
| | | | | | | | | ... to make all libcurl internals able to use the same data types for the struct members. The timeval struct differs subtly on several platforms so it makes it cumbersome to use everywhere. Ref: #1652 Closes #1693
* handler: refactor connection checkingMax Dymond2017-06-301-0/+2
| | | | | | Add a new type of callback to Curl_handler which performs checks on the connection. Alter RTSP so that it uses this callback to do its own check on connection health.
* http-proxy: only attempt FTP over HTTP proxyDaniel Stenberg2017-06-151-77/+2
| | | | | | | | | | ... all other non-HTTP protocol schemes are now defaulting to "tunnel trough" mode if a HTTP proxy is specified. In reality there are no HTTP proxies out there that allow those other schemes. Assisted-by: Ray Satiro, Michael Kaufmann Closes #1505
* http-proxy: do the HTTP CONNECT process entirely non-blockingDaniel Stenberg2017-06-141-3/+2
| | | | | | | Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
* multi: assign IDs to all timers and make each timer singletonDaniel Stenberg2017-05-101-4/+2
| | | | | | | A) reduces the timeout lists drastically B) prevents a lot of superfluous loops for timers that expires "in vain" when it has actually already been extended to fire later on
* buffer: use data->set.buffer_size instead of BUFSIZEDaniel Stenberg2017-05-011-2/+3
| | | | ... to properly use the dynamically set buffer size!
* buffer_size: make sure it always has the correct sizeDaniel Stenberg2017-05-011-1/+1
| | | | Removes the need for CURL_BUFSIZE
* ftp: use private buffer for temp storage, not receive bufferDaniel Stenberg2017-05-011-10/+12
|
* http-proxy: remove unused argument from Curl_proxyCONNECT()Daniel Stenberg2017-04-261-1/+1
|
* llist: replace Curl_llist_alloc with Curl_llist_initDaniel Stenberg2017-04-041-7/+8
| | | | | | | | No longer allocate the curl_llist head struct for lists separately. Removes 17 (15%) tiny allocations in a normal "curl localhost" invoke. closes #1381
* spelling fixesklemens2017-03-261-5/+5
| | | | Closes #1356
* Improve code readbilitySylvestre Ledru2017-03-131-41/+32
| | | | | | ... by removing the else branch after a return, break or continue. Closes #1310
* build: fix gcc7 implicit fallthrough warningsAlexis La Goutte2017-03-031-0/+1
| | | | | | | Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know it's expected and won't warn on [-Wimplicit-fallthrough=]. Closes https://github.com/curl/curl/pull/1297
* ftp: fixed a NULL pointer dereference on OOMDan Fandrich2017-02-251-2/+5
|
* ftp: removed an erroneous free in an OOM pathDan Fandrich2017-02-251-1/+0
|
* CURLOPT_BUFFERSIZE: support enlarging receive bufferRichy Kim2017-01-191-3/+4
| | | | | | | | | | Replace use of fixed macro BUFSIZE to define the size of the receive buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive buffer size. Upon setting, resize buffer if larger than the current default size up to a MAX_BUFSIZE (512KB). This can benefit protocols like SFTP. Closes #1222
* ftp: failure to resolve proxy should return that error codeDaniel Stenberg2016-12-251-1/+1
|
View Lorry Controller Status