[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 98/282: ftp: remove superfluous checking for crlf in user or pwd
From: |
gnunet |
Subject: |
[gnurl] 98/282: ftp: remove superfluous checking for crlf in user or pwd |
Date: |
Wed, 01 Apr 2020 14:29:23 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 950b53da0d47f8975a062b9fbba9e1db0efb8f31
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Feb 6 11:36:53 2020 +0100
ftp: remove superfluous checking for crlf in user or pwd
... as this is already done much earlier in the URL parser.
Also add test case 894 that verifies that pop3 with an encodedd CR in
the user name is rejected.
Closes #4887
---
lib/ftp.c | 17 -----------------
tests/data/Makefile.inc | 3 +--
tests/data/test894 | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/lib/ftp.c b/lib/ftp.c
index c20b6bf10..60fea5421 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -253,18 +253,6 @@ static void freedirs(struct ftp_conn *ftpc)
Curl_safefree(ftpc->newhost);
}
-/* Returns non-zero if the given string contains CR (\r) or LF (\n),
- which are not allowed within RFC 959 <string>.
- Note: The input string is in the client's encoding which might
- not be ASCII, so escape sequences \r & \n must be used instead
- of hex values 0x0d & 0x0a.
-*/
-static bool isBadFtpString(const char *string)
-{
- return ((NULL != strchr(string, '\r')) ||
- (NULL != strchr(string, '\n'))) ? TRUE : FALSE;
-}
-
/***********************************************************************
*
* AcceptServerConnect()
@@ -4377,11 +4365,6 @@ static CURLcode ftp_setup_connection(struct connectdata
*conn)
*/
ftp->user = conn->user;
ftp->passwd = conn->passwd;
- if(isBadFtpString(ftp->user))
- return CURLE_URL_MALFORMAT;
- if(isBadFtpString(ftp->passwd))
- return CURLE_URL_MALFORMAT;
-
conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
return CURLE_OK;
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index f72ccbc16..5fbe18396 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -96,12 +96,11 @@ test818 test819 test820 test821 test822 test823 test824
test825 test826 \
test827 test828 test829 test830 test831 test832 test833 test834 test835 \
test836 test837 test838 test839 test840 test841 test842 test843 test844 \
test845 test846 test847 test848 test849 \
-\
test850 test851 test852 test853 test854 test855 test856 test857 test858 \
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
-test886 test887 test888 test889 test890 test891 test892 test893 \
+test886 test887 test888 test889 test890 test891 test892 test893 test894 \
\
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
diff --git a/tests/data/test894 b/tests/data/test894
new file mode 100644
index 000000000..db79830ca
--- /dev/null
+++ b/tests/data/test894
@@ -0,0 +1,37 @@
+<testcase>
+<info>
+<keywords>
+POP3
+Clear Text
+RETR
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 with CR in username
+ </name>
+ <command>
+pop3://user%0dFRIGGING_cmd:secret@%HOSTIP:%POP3PORT/894
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# malformed URL
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 104/282: asyn-thread: remove dead code, (continued)
- [gnurl] 104/282: asyn-thread: remove dead code, gnunet, 2020/04/01
- [gnurl] 92/282: curl: error on --alt-svc use w/o support, gnunet, 2020/04/01
- [gnurl] 99/282: ftp: remove the duplicated user/password struct fields, gnunet, 2020/04/01
- [gnurl] 91/282: docs/HTTP3: add --enable-alt-svc to curl's configure, gnunet, 2020/04/01
- [gnurl] 93/282: ftp: shrink temp buffers used for PORT, gnunet, 2020/04/01
- [gnurl] 102/282: configure.ac: fix comments about --with-quiche, gnunet, 2020/04/01
- [gnurl] 95/282: contrithanks: Use the most recent tag by default, gnunet, 2020/04/01
- [gnurl] 101/282: checksrc.bat: Fix not being able to run script from the main curl directory, gnunet, 2020/04/01
- [gnurl] 103/282: github: Instructions to post "uname -a" on Unix systems in issues, gnunet, 2020/04/01
- [gnurl] 94/282: scripts: use last set tag if none given, gnunet, 2020/04/01
- [gnurl] 98/282: ftp: remove superfluous checking for crlf in user or pwd,
gnunet <=
- [gnurl] 105/282: url: Include the failure reason when curl_win32_idn_to_ascii() fails, gnunet, 2020/04/01
- [gnurl] 100/282: digest: Do not quote algorithm in HTTP authorisation, gnunet, 2020/04/01
- [gnurl] 106/282: altsvc: keep a copy of the file name to survive handle reset, gnunet, 2020/04/01
- [gnurl] 112/282: multi: fix outdated comment, gnunet, 2020/04/01
- [gnurl] 113/282: strerror: Increase STRERROR_LEN 128 -> 256, gnunet, 2020/04/01
- [gnurl] 107/282: smtp: Simplify the MAIL command and avoid a duplication of send strings, gnunet, 2020/04/01
- [gnurl] 111/282: easy: remove dead code, gnunet, 2020/04/01
- [gnurl] 108/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 120/282: CURLINFO_COOKIELIST.3: Fix example, gnunet, 2020/04/01
- [gnurl] 121/282: ftp: convert 'sock_accepted' to a plain boolean, gnunet, 2020/04/01