You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2017/02/07 15:33:36 UTC

svn commit: r1782012 - in /commons/proper/net/trunk/src: changes/changes.xml main/java/org/apache/commons/net/ftp/FTPClient.java

Author: sebb
Date: Tue Feb  7 15:33:35 2017
New Revision: 1782012

URL: http://svn.apache.org/viewvc?rev=1782012&view=rev
Log:
NET-610 FTPClient.mlistFile incorrectly handles MLST reply

Modified:
    commons/proper/net/trunk/src/changes/changes.xml
    commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java

Modified: commons/proper/net/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/changes/changes.xml?rev=1782012&r1=1782011&r2=1782012&view=diff
==============================================================================
--- commons/proper/net/trunk/src/changes/changes.xml [utf-8] (original)
+++ commons/proper/net/trunk/src/changes/changes.xml [utf-8] Tue Feb  7 15:33:35 2017
@@ -79,11 +79,17 @@ This is mainly a bug-fix release. See fu
   Note also that if strict checking is disabled, some functions may unconditionally strip the next character after the code,
 without checking it if is a space.
 
+  The FTP client mlistFile() method now checks for a leading space before removing it.
+  If the space is missing, a MalformedServerReplyException is thrown.
+  This will only happen if the FTP server is not compliant with RFC 3659.
 
   Notable additions:
   The POP3Mail examples can now get password from console, stdin or an environment variable.
   
 ">
+            <action issue="NET-610" type="fix" dev="sebb" due-to="Sergey Yanzin">
+            FTPClient.mlistFile incorrectly handles MLST reply
+            </action>
             <action issue="NET-611" type="fix" dev="sebb">
             FTP does not validate command reply syntax fully
             </action>

Modified: commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java?rev=1782012&r1=1782011&r2=1782012&view=diff
==============================================================================
--- commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java (original)
+++ commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java Tue Feb  7 15:33:35 2017
@@ -2507,7 +2507,15 @@ implements Configurable
     {
         boolean success = FTPReply.isPositiveCompletion(sendCommand(FTPCmd.MLST, pathname));
         if (success){
-            String entry = getReplyStrings()[1].substring(1); // skip leading space for parser
+            String reply = getReplyStrings()[1];
+            /* check the response makes sense. 
+             * Must have space before fact(s) and between fact(s) and filename
+             * Fact(s) can be absent, so at least 3 chars are needed.
+             */
+            if (reply.length() < 3 || reply.charAt(0) != ' ') {
+                throw new MalformedServerReplyException("Invalid server reply (MLST): '" + reply + "'");
+            }
+            String entry = reply.substring(1); // skip leading space for parser
             return MLSxEntryParser.parseEntry(entry);
         } else {
             return null;