| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ftp/ftp_network_transaction.h" | 5 #include "net/ftp/ftp_network_transaction.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| (...skipping 1169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1180 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1180 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1181 } | 1181 } |
| 1182 | 1182 |
| 1183 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafePort4) { | 1183 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafePort4) { |
| 1184 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. | 1184 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1185 FtpSocketDataProviderEvilPasv ctrl_socket("227 Portscan (127,0,0,1,8,1)\r\n", | 1185 FtpSocketDataProviderEvilPasv ctrl_socket("227 Portscan (127,0,0,1,8,1)\r\n", |
| 1186 FtpSocketDataProvider::PRE_QUIT); | 1186 FtpSocketDataProvider::PRE_QUIT); |
| 1187 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1187 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1188 } | 1188 } |
| 1189 | 1189 |
| 1190 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort1) { |
| 1191 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1192 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1193 "227 Portscan (127,0,0,1,256,100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1194 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1195 } |
| 1196 |
| 1197 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort2) { |
| 1198 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1199 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1200 "227 Portscan (127,0,0,1,100,256)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1201 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1202 } |
| 1203 |
| 1204 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort3) { |
| 1205 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1206 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1207 "227 Portscan (127,0,0,1,-100,100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1208 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1209 } |
| 1210 |
| 1211 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort4) { |
| 1212 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1213 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1214 "227 Portscan (127,0,0,1,100,-100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1215 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1216 } |
| 1217 |
| 1190 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafeHost) { | 1218 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafeHost) { |
| 1191 FtpSocketDataProviderEvilPasv ctrl_socket( | 1219 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1192 "227 Portscan (10,1,2,3,123,456)\r\n", FtpSocketDataProvider::PRE_RETR); | 1220 "227 Portscan (10,1,2,3,123,456)\r\n", FtpSocketDataProvider::PRE_RETR); |
| 1193 ctrl_socket.set_use_epsv(GetFamily() != AF_INET); | 1221 ctrl_socket.set_use_epsv(GetFamily() != AF_INET); |
| 1194 std::string mock_data("mock-data"); | 1222 std::string mock_data("mock-data"); |
| 1195 MockRead data_reads[] = { | 1223 MockRead data_reads[] = { |
| 1196 MockRead(mock_data.c_str()), | 1224 MockRead(mock_data.c_str()), |
| 1197 }; | 1225 }; |
| 1198 StaticSocketDataProvider data_socket1; | 1226 StaticSocketDataProvider data_socket1; |
| 1199 StaticSocketDataProvider data_socket2(data_reads, arraysize(data_reads), | 1227 StaticSocketDataProvider data_socket2(data_reads, arraysize(data_reads), |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1307 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1335 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1308 } | 1336 } |
| 1309 | 1337 |
| 1310 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvUnsafePort4) { | 1338 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvUnsafePort4) { |
| 1311 // This test makes no sense for IPv4 connections (we don't use EPSV there). | 1339 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1312 if (GetFamily() == AF_INET) | 1340 if (GetFamily() == AF_INET) |
| 1313 return; | 1341 return; |
| 1314 | 1342 |
| 1315 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||2049|)\r\n", | 1343 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||2049|)\r\n", |
| 1316 FtpSocketDataProvider::PRE_QUIT); | 1344 FtpSocketDataProvider::PRE_QUIT); |
| 1317 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1345 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1346 } |
| 1347 |
| 1348 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvInvalidPort) { |
| 1349 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1350 if (GetFamily() == AF_INET) |
| 1351 return; |
| 1352 |
| 1353 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||4294973296|)\r\n", |
| 1354 FtpSocketDataProvider::PRE_QUIT); |
| 1355 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1318 } | 1356 } |
| 1319 | 1357 |
| 1320 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvWeirdSep) { | 1358 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvWeirdSep) { |
| 1321 // This test makes no sense for IPv4 connections (we don't use EPSV there). | 1359 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1322 if (GetFamily() == AF_INET) | 1360 if (GetFamily() == AF_INET) |
| 1323 return; | 1361 return; |
| 1324 | 1362 |
| 1325 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan ($$$31744$)\r\n", | 1363 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan ($$$31744$)\r\n", |
| 1326 FtpSocketDataProvider::PRE_RETR); | 1364 FtpSocketDataProvider::PRE_RETR); |
| 1327 ExecuteTransaction(&ctrl_socket, "ftp://host/file", OK); | 1365 ExecuteTransaction(&ctrl_socket, "ftp://host/file", OK); |
| (...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1727 "157 Foo\r\n"); | 1765 "157 Foo\r\n"); |
| 1728 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); | 1766 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1729 } | 1767 } |
| 1730 } | 1768 } |
| 1731 | 1769 |
| 1732 INSTANTIATE_TEST_CASE_P(FTP, | 1770 INSTANTIATE_TEST_CASE_P(FTP, |
| 1733 FtpNetworkTransactionTest, | 1771 FtpNetworkTransactionTest, |
| 1734 ::testing::Values(AF_INET, AF_INET6)); | 1772 ::testing::Values(AF_INET, AF_INET6)); |
| 1735 | 1773 |
| 1736 } // namespace net | 1774 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2539583002:
Use overflow-safe string-to-int parsing methods for FTP ports. (Closed)
