On Thu, Sep 10, 2009 at 3:32 PM, Paweł Hajdan Jr.
<[email protected]> wrote:

> If you want to help make Chromium better, read on. You probably know we're
> developing a new FTP stack:
> http://blog.chromium.org/2009/09/new-ftp-implementation-goes-live.html
> Currently we're using directory listing parsing routines from Mozilla, but
> the code is written in a very low-level style, which increases the
> possibility that there are security holes in it, or even just crashing bugs.
> On the other hand, it can parse a huge variety of directory listing styles.
>
> I have a brave plan to rewrite that code.
>

Sounds like a moderate amount of work. IMHO, it would be acceptable from a
security standpoint to:

1) Fix any bugs turned up by fuzzing.
2) Make sure the directory parsing code runs in the context of the Chromium
sandbox.

Cheers
Chris

> The problem is, it'd be nice to test against real servers. /bin/ls, Windows,
> and /bin/dls formats are quite common, but there is also VMS, IBM z/VM,
> SuperTCP, Chameleon, and possibly others. If you know about an anonymous
> server which is running one of the software listed below, please consider
> sharing this information:
>
> - VMS
> - /bin/dls listing style
> - IBM VM/CMS, VM/ESA, z/VM kind of server
> - OS/2 FTP Server
> - SuperTCP, NetManage Chameleon, win16 (?)
> - WindowsNT configured for DOS style listing
>
> More than one example of even type won't hurt - just the opposite. Often
> there are subtle variations.
>

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: [email protected] 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
