FTP: Detect more malformed EPSV replies

Open MegaManSec opened this issue 4 months ago • 6 comments

Replaces sscanf() handling of EPSV replies with an RFC2428 tokenizer

  • delimiter must be printable ASCII and not a digit
  • three identical delimiters before the port and a fourth before )
  • port is 1-65535, and 1-5 digits
  • allow trailing whitespace only; reject other garbage

Also adds unit tests for valid tuples, digit delimiter, out-of-range ports, trailing junk, and optional whitespace.

MegaManSec avatar Sep 02 '25 19:09 MegaManSec
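
The checks listed in the description above, as an added example that is not the PR's code or Squid's own: a small tokenizer for the RFC 2428 `(<d><d><d><port><d>)` tuple. The function name `parseEpsvTuple`, its -1 return convention, and the assumption that the caller has already advanced to the opening parenthesis are hypothetical; the sample replies are constructed.

```cpp
#include <cstdio>

// Hypothetical helper (not Squid's function). `s` is assumed to point at the
// '(' of an EPSV reply. Returns the port (1..65535) or -1 if malformed.
int parseEpsvTuple(const char *s)
{
    if (!s || *s++ != '(')
        return -1;

    // Delimiter: printable ASCII (33..126) and not a digit. With a digit
    // delimiter, the delimiter and the port digits would be ambiguous.
    const char d = *s;
    if (d < 33 || d > 126 || (d >= '0' && d <= '9'))
        return -1;

    // Three identical delimiters before the port.
    for (int n = 0; n < 3; ++n)
        if (*s++ != d)
            return -1;

    // Port: 1-5 decimal digits, value 1..65535. Capping the digit count
    // keeps the accumulator from overflowing on long digit runs.
    long port = 0;
    int digits = 0;
    for (; *s >= '0' && *s <= '9'; ++s) {
        if (++digits > 5)
            return -1;
        port = port * 10 + (*s - '0');
    }
    if (digits == 0 || port < 1 || port > 65535)
        return -1;

    // Fourth delimiter, then the closing parenthesis.
    if (*s++ != d || *s++ != ')')
        return -1;

    // Trailing whitespace only; anything else is rejected.
    for (; *s; ++s)
        if (*s != ' ' && *s != '\t' && *s != '\r' && *s != '\n')
            return -1;
    return static_cast<int>(port);
}

int main()
{
    // Constructed sample tuples, not captured traffic.
    const char *samples[] = { "(|||6446|)\r\n", "(111801)", "(|||65536|)", "(|||6446|)x" };
    for (const char *t : samples)
        std::printf("%d\n", parseEpsvTuple(t));
    return 0;
}
```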

Any chance to throw in a unit test?

kinkie avatar Sep 04 '25 19:09 kinkie

I can certainly try.

MegaManSec avatar Sep 07 '25 02:09 MegaManSec

Cannot create a git commit message from PR title and description.

Error while parsing line 5: Invalid line 5 character (Unicode \u2013) at position 21:

Problematic parser input:

- port is 1..65535, 1\u20135 digits

Please note that the text quoted above was modified from its original to replace bytes outside of ASCII space-tilde range with their Unicode code point sequences (i.e. \u00NN). Please see PR title and description formatting requirements for more details.

This message was added by Anubis bot. Anubis will add a new message if the error text changes. Anubis will remove M-failed-description label when there are no corresponding failures to report.

squid-anubis avatar Sep 07 '25 21:09 squid-anubis

Cannot create a git commit message from PR title and description.

Error while parsing PR description body: the line is too long 77>72

Problematic parser input:

Replaces sscanf() handling of EPSV replies with a RFC2428-compliant tokenizer

Please see PR title and description formatting requirements for more details.

This message was added by Anubis bot. Anubis will add a new message if the error text changes. Anubis will remove M-failed-description label when there are no corresponding failures to report.

squid-anubis avatar Sep 07 '25 21:09 squid-anubis

Cannot create a git commit message from PR title and description.

Error while parsing PR description body: the line is too long 74>72

Problematic parser input:

- exactly three identical delimiters before the port and a fourth before )

Please see PR title and description formatting requirements for more details.

This message was added by Anubis bot. Anubis will add a new message if the error text changes. Anubis will remove M-failed-description label when there are no corresponding failures to report.

squid-anubis avatar Sep 07 '25 21:09 squid-anubis

unsure how to fix the test linking

MegaManSec avatar Oct 20 '25 12:10 MegaManSec