[
https://issues.apache.org/jira/browse/NET-663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Max Shenfield updated NET-663:
------------------------------
Description:
At L934 of the {{FTPClient}} code, Apache does a check to see whether the data
and control connections are at the same IP address ({{verifyRemote}}). If they
differ, the data connection socket is closed and an exception is raised. This
can be disabled, but is the default behavior ({{__remoteVerificationEnabled =
true}}).
The L934-939 code path where {{verifyRemote}} returns false always raises a
{{java.lang.NullPointerException}}. {{socket.getInetAddress()}} seems to
return {{null}} after {{socket.close}} is called, leading to
{{socket.getInetAdress().getHostAddress()}} to raise the
{{java.lang.NullPointerException}} at L938. This obfuscates a really useful
error message ("Host attempting data connection is not the same as server")
with a difficult to debug {{NullPointerException}}.
Example State:
{code}
this.__remoteVerificationEnabled -> true
this.getRemoteAddress().toString() -> "ftp.example.com/987.654.321.000"
socket.getInetAddress().toString() -> "/123.456.789.000"
{code}
was:
At L934 of the {{FTPClient}} code, Apache does a check to see whether the data
and control connections are at the same IP address ({{verifyRemote}}). If they
differ, the data connection socket is closed and an exception is raised. This
can be disabled, but is the default behavior ({{__remoteVerificationEnabled =
true}}).
The L934-939 code path where {{verifyRemote}} returns false always raises a
{{java.lang.NullPointerException}}. {{socket.getInetAddress()}} seems to
return {{null}} after {{socket.close}} is called, leading to
{{socket.getInetAdress().getHostAddress()}} to raise the
{{java.lang.NullPointerException}} at L938. This obfuscates a really useful
error message ("Host attempting data connection is not the same as server")
with a difficult to debug {{NullPointerException}}.
Example State:
{code}
this.__remoteVerificationEnabled -> true
this.getRemoteAddress().toString() -> "ftp.example.com/987.654.321.000"
socket.getInetAddress.toString() -> "/123.456.789.000"
{code}
> NullPointerException when FTPClient remote verification fails
> -------------------------------------------------------------
>
> Key: NET-663
> URL: https://issues.apache.org/jira/browse/NET-663
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 3.6
> Environment: OS: Linux
> Reporter: Max Shenfield
> Priority: Minor
> Labels: NullPointerException
>
> At L934 of the {{FTPClient}} code, Apache does a check to see whether the
> data and control connections are at the same IP address ({{verifyRemote}}).
> If they differ, the data connection socket is closed and an exception is
> raised. This can be disabled, but is the default behavior
> ({{__remoteVerificationEnabled = true}}).
> The L934-939 code path where {{verifyRemote}} returns false always raises a
> {{java.lang.NullPointerException}}. {{socket.getInetAddress()}} seems to
> return {{null}} after {{socket.close}} is called, leading to
> {{socket.getInetAdress().getHostAddress()}} to raise the
> {{java.lang.NullPointerException}} at L938. This obfuscates a really useful
> error message ("Host attempting data connection is not the same as server")
> with a difficult to debug {{NullPointerException}}.
> Example State:
> {code}
> this.__remoteVerificationEnabled -> true
> this.getRemoteAddress().toString() -> "ftp.example.com/987.654.321.000"
> socket.getInetAddress().toString() -> "/123.456.789.000"
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
