[xml] Two bugs in nanoftp.c in libxml2-2.4.10.

From: Prof Brian D Ripley <ripley stats ox ac uk>
To: <xml gnome org>
Subject: [xml] Two bugs in nanoftp.c in libxml2-2.4.10.
Date: Sat, 17 Nov 2001 18:44:58 +0000 (GMT)

Two bugs in nanoftp.c in libxml2-2.4.10.

1) xmlNanoFTPFreeCtxt can be called quite early, before
ctxt->controlFd has been set.  In those circumstances, closesocket may
be called on a random integer, e.g. called on 0 and so closes stdin.
It needs to be set when a context is created.

2) ftp URLs of the form ftp://user foo/ and ftp://user:passwd foo/ are not
detected, let alone parsed, and it was a user trying one of these which led
me to find 1).  The patch below parses those forms: the rest of the code
accepts the setting of ctxt->user and ctxt->passwd, so this was all I
needed.


*** libxml2-2.4.10/nanoftp.c    Tue Oct 30 03:35:05 2001
--- nanoftp.c   Sat Nov 17 18:31:56 2001
***************
*** 261,267 ****
      if (*cur == 0) return;

      buf[indx] = 0;
!     while (1) {
          if (cur[0] == ':') {
            buf[indx] = 0;
            ctxt->hostname = xmlMemStrdup(buf);
--- 261,292 ----
      if (*cur == 0) return;

      buf[indx] = 0;
!     /* allow user@ and user:pass@ forms */
!     {
!       const char *p = strchr(cur, '@');
!       if(p) {
!           while(1) {
!               if(cur[0] == ':' || cur[0] == '@') break;
!               buf[indx++] = *cur++;
!           }
!           buf[indx] = 0;
!           ctxt->user = xmlMemStrdup(buf);
!           indx = 0;
!           if(cur[0] == ':') {
!               cur++;
!               while(1) {
!                   if(cur[0] == '@') break;
!                   buf[indx++] = *cur++;
!               }
!               buf[indx] = 0;
!               ctxt->passwd = xmlMemStrdup(buf);
!               indx = 0;
!           }
!           cur = p+1;
!       }
!     }
!
!      while (1) {
          if (cur[0] == ':') {
            buf[indx] = 0;
            ctxt->hostname = xmlMemStrdup(buf);
***************
*** 480,485 ****
--- 505,511 ----
      ret->returnValue = 0;
      ret->controlBufIndex = 0;
      ret->controlBufUsed = 0;
+     ret->controlFd = -1;

      if (URL != NULL)
        xmlNanoFTPScanURL(ret, URL);

-- 
Brian D. Ripley,                  ripley stats ox ac uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272860 (secr)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

Follow-Ups:
- Re: [xml] Two bugs in nanoftp.c in libxml2-2.4.10.
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]