gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 98/282: ftp: remove superfluous checking for crlf in user or pwd

From: gnunet
Subject: [gnurl] 98/282: ftp: remove superfluous checking for crlf in user or pwd
Date: Wed, 01 Apr 2020 14:29:23 +0200 
This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 950b53da0d47f8975a062b9fbba9e1db0efb8f31
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Feb 6 11:36:53 2020 +0100

    ftp: remove superfluous checking for crlf in user or pwd
    
    ... as this is already done much earlier in the URL parser.
    
    Also add test case 894 that verifies that pop3 with an encodedd CR in
    the user name is rejected.
    
    Closes #4887
---
 lib/ftp.c               | 17 -----------------
 tests/data/Makefile.inc |  3 +--
 tests/data/test894      | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/lib/ftp.c b/lib/ftp.c
index c20b6bf10..60fea5421 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -253,18 +253,6 @@ static void freedirs(struct ftp_conn *ftpc)
   Curl_safefree(ftpc->newhost);
 }
 
-/* Returns non-zero if the given string contains CR (\r) or LF (\n),
-   which are not allowed within RFC 959 <string>.
-   Note: The input string is in the client's encoding which might
-   not be ASCII, so escape sequences \r & \n must be used instead
-   of hex values 0x0d & 0x0a.
-*/
-static bool isBadFtpString(const char *string)
-{
-  return ((NULL != strchr(string, '\r')) ||
-          (NULL != strchr(string, '\n'))) ? TRUE : FALSE;
-}
-
 /***********************************************************************
  *
  * AcceptServerConnect()
@@ -4377,11 +4365,6 @@ static CURLcode ftp_setup_connection(struct connectdata 
*conn)
   */
   ftp->user = conn->user;
   ftp->passwd = conn->passwd;
-  if(isBadFtpString(ftp->user))
-    return CURLE_URL_MALFORMAT;
-  if(isBadFtpString(ftp->passwd))
-    return CURLE_URL_MALFORMAT;
-
   conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
 
   return CURLE_OK;
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index f72ccbc16..5fbe18396 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -96,12 +96,11 @@ test818 test819 test820 test821 test822 test823 test824 
test825 test826 \
 test827 test828 test829 test830 test831 test832 test833 test834 test835 \
 test836 test837 test838 test839 test840 test841 test842 test843 test844 \
 test845 test846 test847 test848 test849 \
-\
 test850 test851 test852 test853 test854 test855 test856 test857 test858 \
 test859 test860 test861 test862 test863 test864 test865 test866 test867 \
 test868 test869 test870 test871 test872 test873 test874 test875 test876 \
 test877 test878 test879 test880 test881 test882 test883 test884 test885 \
-test886 test887 test888 test889 test890 test891 test892 test893 \
+test886 test887 test888 test889 test890 test891 test892 test893 test894 \
 \
 test900 test901 test902 test903 test904 test905 test906 test907 test908 \
 test909 test910 test911 test912 test913 test914 test915 test916 test917 \
diff --git a/tests/data/test894 b/tests/data/test894
new file mode 100644
index 000000000..db79830ca
--- /dev/null
+++ b/tests/data/test894
@@ -0,0 +1,37 @@
+<testcase>
+<info>
+<keywords>
+POP3
+Clear Text
+RETR
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 with CR in username
+ </name>
+ <command>
+pop3://user%0dFRIGGING_cmd:secret@%HOSTIP:%POP3PORT/894
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# malformed URL
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]