[ucb-issues] =?UTF-8?B?W0lzc3VlIDQxMDQwXSBOZXcgLSBGVFAgVUNQOiBQcm9sZW1zIHdpdA==?= =?UTF-8?B?aCBiYWQgZGF0YSBpbiBVUkxz?=

Thu, 20 Jan 2005 07:45:24 -0800 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=41040
                  Issue #:|41040
                  Summary:|FTP UCP: Prolems with bad data in URLs
                Component:|ucb
                  Version:|680m72
                 Platform:|All
                      URL:|
               OS/Version:|All
                   Status:|NEW
        Status whiteboard:|
                 Keywords:|
               Resolution:|
               Issue type:|DEFECT
                 Priority:|P3
             Subcomponent:|code
              Assigned to:|abi
              Reported by:|sb





------- Additional comments from [EMAIL PROTECTED] Thu Jan 20 07:45:22 -0800 
2005 -------
The FTP UCP does not detect and reject URLs that contain NULL
(U+0000), LF (U+000A), and CR (U+000D), either unescaped or escaped as %00, %0A,
%0D, etc.  When "ftp://host/path"; is a working
URL, calling XContent.execute("getPropertyValues") to retrieve the "Size"
property on contents corresponding to the following URLs has the following
results (all string literals are in Java notation):

"ftp://host/path": success
"ftp://host/path\u0000foo": success (error: "\u0000foo" is silently dropped on
client side)
"ftp://host/path%00foo": success (error: "\u0000foo" is silently dropped on
client side)
"http://host/path\r\nfoo": success (error: garbage is sent from client to 
server)
"http://host/path%0D%0Afoo": com.sun.star.ucb.InteractiveAugmentedIOException ""
(error: garbage is sent from client to server)

On fixing the last three cases, see the thread at
<http://curl.haxx.se/mail/lib-2005-01/0172.html>.

Also, inspecting ucb/source/ucp/ftp/ftpurl.cxx 1.18, all code that use
curl_slist_append should ensure that it compose well-formed FTP commands (i.e.,
containing valid RFC 959 <string>s).

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to