diff options
author | Henrik Nord <[email protected]> | 2014-02-24 16:15:26 +0100 |
---|---|---|
committer | Henrik Nord <[email protected]> | 2014-02-24 16:15:26 +0100 |
commit | 6995e4764d2722ca315a68facd8777f3c8970db7 (patch) | |
tree | 0bf8504fab44df75fb3cb337d93f4f23783b3a3e /lib/inets/src/ftp/ftp.erl | |
parent | 9fd8dfa8c3fed9981191f16cd5c3d5cded3660ae (diff) | |
parent | dfe10daaee512ba39a0b918613f36b989fc90c49 (diff) | |
download | otp-6995e4764d2722ca315a68facd8777f3c8970db7.tar.gz otp-6995e4764d2722ca315a68facd8777f3c8970db7.tar.bz2 otp-6995e4764d2722ca315a68facd8777f3c8970db7.zip |
Merge branch 'sgolovan/check_if_ftp_path_is_sane/OTP-11750'
* sgolovan/check_if_ftp_path_is_sane/OTP-11750:
lib/inets/src/ftp/ftp.erl: Check the filenames, usernames, passwords etc. for <CR> and <LF> in them and return error if these offending chars are found. See http://erlang.org/pipermail/erlang-bugs/2014-January/003998.html for details. lib/inets/test/ftp_suite_lib.erl: Added checks for <CR><LF> in file and directory names.
Diffstat (limited to 'lib/inets/src/ftp/ftp.erl')
-rw-r--r-- | lib/inets/src/ftp/ftp.erl | 142 |
1 files changed, 123 insertions, 19 deletions
diff --git a/lib/inets/src/ftp/ftp.erl b/lib/inets/src/ftp/ftp.erl index 520db1b457..5674599ac5 100644 --- a/lib/inets/src/ftp/ftp.erl +++ b/lib/inets/src/ftp/ftp.erl @@ -192,7 +192,12 @@ do_open(Pid, OpenOptions, TLSOpts) -> 'ok' | {'error', Reason :: 'euser' | common_reason()}. user(Pid, User, Pass) -> - call(Pid, {user, User, Pass}, atom). + case {is_name_sane(User), is_name_sane(Pass)} of + {true, true} -> + call(Pid, {user, User, Pass}, atom); + _ -> + {error, euser} + end. -spec user(Pid :: pid(), User :: string(), @@ -201,7 +206,12 @@ user(Pid, User, Pass) -> 'ok' | {'error', Reason :: 'euser' | common_reason()}. user(Pid, User, Pass, Acc) -> - call(Pid, {user, User, Pass, Acc}, atom). + case {is_name_sane(User), is_name_sane(Pass), is_name_sane(Acc)} of + {true, true, true} -> + call(Pid, {user, User, Pass, Acc}, atom); + _ -> + {error, euser} + end. %%-------------------------------------------------------------------------- @@ -216,7 +226,12 @@ user(Pid, User, Pass, Acc) -> 'ok' | {'error', Reason :: 'eacct' | common_reason()}. account(Pid, Acc) -> - call(Pid, {account, Acc}, atom). + case is_name_sane(Acc) of + true -> + call(Pid, {account, Acc}, atom); + _ -> + {error, eacct} + end. %%-------------------------------------------------------------------------- @@ -262,7 +277,12 @@ lpwd(Pid) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. cd(Pid, Dir) -> - call(Pid, {cd, Dir}, atom). + case is_name_sane(Dir) of + true -> + call(Pid, {cd, Dir}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -305,7 +325,12 @@ ls(Pid) -> {'error', Reason :: restriction_reason() | common_reason()}. ls(Pid, Dir) -> - call(Pid, {dir, long, Dir}, string). + case is_name_sane(Dir) of + true -> + call(Pid, {dir, long, Dir}, string); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -333,7 +358,12 @@ nlist(Pid) -> {'error', Reason :: restriction_reason() | common_reason()}. nlist(Pid, Dir) -> - call(Pid, {dir, short, Dir}, string). + case is_name_sane(Dir) of + true -> + call(Pid, {dir, short, Dir}, string); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -349,7 +379,12 @@ nlist(Pid, Dir) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. rename(Pid, Old, New) -> - call(Pid, {rename, Old, New}, string). + case {is_name_sane(Old), is_name_sane(New)} of + {true, true} -> + call(Pid, {rename, Old, New}, string); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -365,7 +400,12 @@ rename(Pid, Old, New) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. delete(Pid, File) -> - call(Pid, {delete, File}, string). + case is_name_sane(File) of + true -> + call(Pid, {delete, File}, string); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -380,7 +420,12 @@ delete(Pid, File) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. mkdir(Pid, Dir) -> - call(Pid, {mkdir, Dir}, atom). + case is_name_sane(Dir) of + true -> + call(Pid, {mkdir, Dir}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -395,7 +440,12 @@ mkdir(Pid, Dir) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. rmdir(Pid, Dir) -> - call(Pid, {rmdir, Dir}, atom). + case is_name_sane(Dir) of + true -> + call(Pid, {rmdir, Dir}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -437,7 +487,12 @@ recv(Pid, RemotFileName) -> 'ok' | {'error', Reason :: term()}. recv(Pid, RemotFileName, LocalFileName) -> - call(Pid, {recv, RemotFileName, LocalFileName}, atom). + case is_name_sane(RemotFileName) of + true -> + call(Pid, {recv, RemotFileName, LocalFileName}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -456,7 +511,12 @@ recv(Pid, RemotFileName, LocalFileName) -> {'error', Reason :: restriction_reason() | common_reason()}. recv_bin(Pid, RemoteFile) -> - call(Pid, {recv_bin, RemoteFile}, bin). + case is_name_sane(RemoteFile) of + true -> + call(Pid, {recv_bin, RemoteFile}, bin); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -473,7 +533,12 @@ recv_bin(Pid, RemoteFile) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. recv_chunk_start(Pid, RemoteFile) -> - call(Pid, {recv_chunk_start, RemoteFile}, atom). + case is_name_sane(RemoteFile) of + true -> + call(Pid, {recv_chunk_start, RemoteFile}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -521,7 +586,12 @@ send(Pid, LocalFileName) -> shortage_reason()}. send(Pid, LocalFileName, RemotFileName) -> - call(Pid, {send, LocalFileName, RemotFileName}, atom). + case is_name_sane(RemotFileName) of + true -> + call(Pid, {send, LocalFileName, RemotFileName}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -541,7 +611,12 @@ send(Pid, LocalFileName, RemotFileName) -> shortage_reason()}. send_bin(Pid, Bin, RemoteFile) when is_binary(Bin) -> - call(Pid, {send_bin, Bin, RemoteFile}, atom); + case is_name_sane(RemoteFile) of + true -> + call(Pid, {send_bin, Bin, RemoteFile}, atom); + _ -> + {error, efnamena} + end; send_bin(_Pid, _Bin, _RemoteFile) -> {error, enotbinary}. @@ -559,7 +634,12 @@ send_bin(_Pid, _Bin, _RemoteFile) -> 'ok' | {'error', Reason :: restriction_reason() | common_reason()}. send_chunk_start(Pid, RemoteFile) -> - call(Pid, {send_chunk_start, RemoteFile}, atom). + case is_name_sane(RemoteFile) of + true -> + call(Pid, {send_chunk_start, RemoteFile}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -575,7 +655,12 @@ send_chunk_start(Pid, RemoteFile) -> 'ok' | {'error', Reason :: term()}. append_chunk_start(Pid, RemoteFile) -> - call(Pid, {append_chunk_start, RemoteFile}, atom). + case is_name_sane(RemoteFile) of + true -> + call(Pid, {append_chunk_start, RemoteFile}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -683,7 +768,12 @@ append(Pid, LocalFileName) -> 'ok' | {'error', Reason :: term()}. append(Pid, LocalFileName, RemotFileName) -> - call(Pid, {append, LocalFileName, RemotFileName}, atom). + case is_name_sane(RemotFileName) of + true -> + call(Pid, {append, LocalFileName, RemotFileName}, atom); + _ -> + {error, efnamena} + end. %%-------------------------------------------------------------------------- @@ -705,7 +795,12 @@ append(Pid, LocalFileName, RemotFileName) -> shortage_reason()}. append_bin(Pid, Bin, RemoteFile) when is_binary(Bin) -> - call(Pid, {append_bin, Bin, RemoteFile}, atom); + case is_name_sane(RemoteFile) of + true -> + call(Pid, {append_bin, Bin, RemoteFile}, atom); + _ -> + {error, efnamena} + end; append_bin(_Pid, _Bin, _RemoteFile) -> {error, enotbinary}. @@ -2302,6 +2397,15 @@ send_bin(State, Bin) -> mk_cmd(Fmt, Args) -> [io_lib:format(Fmt, Args)| [?CR, ?LF]]. % Deep list ok. +is_name_sane([]) -> + true; +is_name_sane([?CR| _]) -> + false; +is_name_sane([?LF| _]) -> + false; +is_name_sane([_| Rest]) -> + is_name_sane(Rest). + pwd_result(Lines) -> {_, [?DOUBLE_QUOTE | Rest]} = lists:splitwith(fun(?DOUBLE_QUOTE) -> false; (_) -> true end, Lines), |