| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ftp/ftp_network_transaction.h" | 5 #include "net/ftp/ftp_network_transaction.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 return Verify("PWD\r\n", data, PRE_TYPE, | 102 return Verify("PWD\r\n", data, PRE_TYPE, |
| 103 "257 \"/\" is your current location\r\n"); | 103 "257 \"/\" is your current location\r\n"); |
| 104 case PRE_TYPE: | 104 case PRE_TYPE: |
| 105 return Verify(std::string("TYPE ") + data_type_ + "\r\n", data, | 105 return Verify(std::string("TYPE ") + data_type_ + "\r\n", data, |
| 106 PRE_SIZE, "200 TYPE set successfully\r\n"); | 106 PRE_SIZE, "200 TYPE set successfully\r\n"); |
| 107 case PRE_LIST_EPSV: | 107 case PRE_LIST_EPSV: |
| 108 return Verify("EPSV\r\n", data, PRE_LIST, | 108 return Verify("EPSV\r\n", data, PRE_LIST, |
| 109 "227 Entering Extended Passive Mode (|||31744|)\r\n"); | 109 "227 Entering Extended Passive Mode (|||31744|)\r\n"); |
| 110 case PRE_LIST_PASV: | 110 case PRE_LIST_PASV: |
| 111 return Verify("PASV\r\n", data, PRE_LIST, | 111 return Verify("PASV\r\n", data, PRE_LIST, |
| 112 "227 Entering Passive Mode 127,0,0,1,123,456\r\n"); | 112 "227 Entering Passive Mode 127,0,0,1,123,123\r\n"); |
| 113 case PRE_RETR_EPSV: | 113 case PRE_RETR_EPSV: |
| 114 return Verify("EPSV\r\n", data, PRE_RETR, | 114 return Verify("EPSV\r\n", data, PRE_RETR, |
| 115 "227 Entering Extended Passive Mode (|||31744|)\r\n"); | 115 "227 Entering Extended Passive Mode (|||31744|)\r\n"); |
| 116 case PRE_RETR_PASV: | 116 case PRE_RETR_PASV: |
| 117 return Verify("PASV\r\n", data, PRE_RETR, | 117 return Verify("PASV\r\n", data, PRE_RETR, |
| 118 "227 Entering Passive Mode 127,0,0,1,123,456\r\n"); | 118 "227 Entering Passive Mode 127,0,0,1,123,123\r\n"); |
| 119 case PRE_NOPASV: | 119 case PRE_NOPASV: |
| 120 // Use unallocated 599 FTP error code to make sure it falls into the | 120 // Use unallocated 599 FTP error code to make sure it falls into the |
| 121 // generic ERR_FTP_FAILED bucket. | 121 // generic ERR_FTP_FAILED bucket. |
| 122 return Verify("PASV\r\n", data, PRE_QUIT, | 122 return Verify("PASV\r\n", data, PRE_QUIT, |
| 123 "599 fail\r\n"); | 123 "599 fail\r\n"); |
| 124 case PRE_QUIT: | 124 case PRE_QUIT: |
| 125 return Verify("QUIT\r\n", data, QUIT, "221 Goodbye.\r\n"); | 125 return Verify("QUIT\r\n", data, QUIT, "221 Goodbye.\r\n"); |
| 126 default: | 126 default: |
| 127 NOTREACHED() << "State not handled " << state(); | 127 NOTREACHED() << "State not handled " << state(); |
| 128 return MockWriteResult(ASYNC, ERR_UNEXPECTED); | 128 return MockWriteResult(ASYNC, ERR_UNEXPECTED); |
| (...skipping 1051 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1180 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1180 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1181 } | 1181 } |
| 1182 | 1182 |
| 1183 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafePort4) { | 1183 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafePort4) { |
| 1184 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. | 1184 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1185 FtpSocketDataProviderEvilPasv ctrl_socket("227 Portscan (127,0,0,1,8,1)\r\n", | 1185 FtpSocketDataProviderEvilPasv ctrl_socket("227 Portscan (127,0,0,1,8,1)\r\n", |
| 1186 FtpSocketDataProvider::PRE_QUIT); | 1186 FtpSocketDataProvider::PRE_QUIT); |
| 1187 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1187 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1188 } | 1188 } |
| 1189 | 1189 |
| 1190 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort1) { |
| 1191 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1192 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1193 "227 Portscan (127,0,0,1,256,100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1194 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1195 } |
| 1196 |
| 1197 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort2) { |
| 1198 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1199 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1200 "227 Portscan (127,0,0,1,100,256)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1201 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1202 } |
| 1203 |
| 1204 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort3) { |
| 1205 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1206 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1207 "227 Portscan (127,0,0,1,-100,100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1208 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1209 } |
| 1210 |
| 1211 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvInvalidPort4) { |
| 1212 // Unsafe. 8 * 256 + 1 = 2049, which is used by nfs. |
| 1213 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1214 "227 Portscan (127,0,0,1,100,-100)\r\n", FtpSocketDataProvider::PRE_QUIT); |
| 1215 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1216 } |
| 1217 |
| 1190 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafeHost) { | 1218 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilPasvUnsafeHost) { |
| 1191 FtpSocketDataProviderEvilPasv ctrl_socket( | 1219 FtpSocketDataProviderEvilPasv ctrl_socket( |
| 1192 "227 Portscan (10,1,2,3,123,456)\r\n", FtpSocketDataProvider::PRE_RETR); | 1220 "227 Portscan (10,1,2,3,123,123)\r\n", FtpSocketDataProvider::PRE_RETR); |
| 1193 ctrl_socket.set_use_epsv(GetFamily() != AF_INET); | 1221 ctrl_socket.set_use_epsv(GetFamily() != AF_INET); |
| 1194 std::string mock_data("mock-data"); | 1222 std::string mock_data("mock-data"); |
| 1195 MockRead data_reads[] = { | 1223 MockRead data_reads[] = { |
| 1196 MockRead(mock_data.c_str()), | 1224 MockRead(mock_data.c_str()), |
| 1197 }; | 1225 }; |
| 1198 StaticSocketDataProvider data_socket1; | 1226 StaticSocketDataProvider data_socket1; |
| 1199 StaticSocketDataProvider data_socket2(data_reads, arraysize(data_reads), | 1227 StaticSocketDataProvider data_socket2(data_reads, arraysize(data_reads), |
| 1200 NULL, 0); | 1228 NULL, 0); |
| 1201 mock_socket_factory_->AddSocketDataProvider(&ctrl_socket); | 1229 mock_socket_factory_->AddSocketDataProvider(&ctrl_socket); |
| 1202 mock_socket_factory_->AddSocketDataProvider(&data_socket1); | 1230 mock_socket_factory_->AddSocketDataProvider(&data_socket1); |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1310 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvUnsafePort4) { | 1338 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvUnsafePort4) { |
| 1311 // This test makes no sense for IPv4 connections (we don't use EPSV there). | 1339 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1312 if (GetFamily() == AF_INET) | 1340 if (GetFamily() == AF_INET) |
| 1313 return; | 1341 return; |
| 1314 | 1342 |
| 1315 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||2049|)\r\n", | 1343 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||2049|)\r\n", |
| 1316 FtpSocketDataProvider::PRE_QUIT); | 1344 FtpSocketDataProvider::PRE_QUIT); |
| 1317 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); | 1345 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_UNSAFE_PORT); |
| 1318 } | 1346 } |
| 1319 | 1347 |
| 1348 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvInvalidPort) { |
| 1349 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1350 if (GetFamily() == AF_INET) |
| 1351 return; |
| 1352 |
| 1353 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan (|||4294973296|)\r\n", |
| 1354 FtpSocketDataProvider::PRE_QUIT); |
| 1355 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1356 } |
| 1357 |
| 1320 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvWeirdSep) { | 1358 TEST_P(FtpNetworkTransactionTest, DownloadTransactionEvilEpsvWeirdSep) { |
| 1321 // This test makes no sense for IPv4 connections (we don't use EPSV there). | 1359 // This test makes no sense for IPv4 connections (we don't use EPSV there). |
| 1322 if (GetFamily() == AF_INET) | 1360 if (GetFamily() == AF_INET) |
| 1323 return; | 1361 return; |
| 1324 | 1362 |
| 1325 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan ($$$31744$)\r\n", | 1363 FtpSocketDataProviderEvilEpsv ctrl_socket("227 Portscan ($$$31744$)\r\n", |
| 1326 FtpSocketDataProvider::PRE_RETR); | 1364 FtpSocketDataProvider::PRE_RETR); |
| 1327 ExecuteTransaction(&ctrl_socket, "ftp://host/file", OK); | 1365 ExecuteTransaction(&ctrl_socket, "ftp://host/file", OK); |
| 1328 } | 1366 } |
| 1329 | 1367 |
| (...skipping 397 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1727 "157 Foo\r\n"); | 1765 "157 Foo\r\n"); |
| 1728 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); | 1766 ExecuteTransaction(&ctrl_socket, "ftp://host/file", ERR_INVALID_RESPONSE); |
| 1729 } | 1767 } |
| 1730 } | 1768 } |
| 1731 | 1769 |
| 1732 INSTANTIATE_TEST_CASE_P(FTP, | 1770 INSTANTIATE_TEST_CASE_P(FTP, |
| 1733 FtpNetworkTransactionTest, | 1771 FtpNetworkTransactionTest, |
| 1734 ::testing::Values(AF_INET, AF_INET6)); | 1772 ::testing::Values(AF_INET, AF_INET6)); |
| 1735 | 1773 |
| 1736 } // namespace net | 1774 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2539583002:
Use overflow-safe string-to-int parsing methods for FTP ports. (Closed)
