search

Guichaguri / MinimalFTP

A lightweight, simple FTP server. Pure Java, no dependencies.
Apache License 2.0
160 stars 45 forks source link

Bug of LIST -a command! #12

Closed Niky4000 closed 2 years ago

Niky4000 commented 2 years ago

Hi! I have found a bug! You have to replace one line in your code: FileHandler.list:236: Object dir = args.length > 0 && !args[0].equals("-l") && !args[0].equals("-a") ? getFile(args[0]) : cwd; Instead of: Object dir = args.length > 0 && !args[0].equals("-l") ? getFile(args[0]) : cwd; It doesn't work when client sends LIST -a. "-a" interprets as file that not exists. Client will have con.sendResponse(550, "Not a directory"); error. After bug having been fixed you may do things like this: sudo curlftpfs 127.0.0.1:2121 ~/mnt Than you may exec command line commands like ls, cd, cat, rm -rf and so on this ftp server being mounted on local filesystem.

Niky4000 commented 2 years ago

I have made a patch for you: diff --git a/src/main/java/com/guichaguri/minimalftp/handler/FileHandler.java b/src/main/java/com/guichaguri/minimalftp/handler/FileHandler.java index e22c079..50fc01f 100644 --- a/src/main/java/com/guichaguri/minimalftp/handler/FileHandler.java +++ b/src/main/java/com/guichaguri/minimalftp/handler/FileHandler.java @@ -233,7 +233,7 @@ // "-l" is not present in any specification, but chrome uses it // TODO remove this when the bug gets fixed // https://bugs.chromium.org/p/chromium/issues/detail?id=706905 - Object dir = args.length > 0 && !args[0].equals("-l") ? getFile(args[0]) : cwd; + Object dir = args.length > 0 && !args[0].equals("-l") && !args[0].equals("-a") ? getFile(args[0]) : cwd; ` if(!fs.isDirectory(dir)) { con.sendResponse(550, "Not a directory");` I can't push into your repository and I can't create a new branch and due to that I decided to write down it here.

Guichaguri commented 2 years ago

Thanks for your contribution!

The -l parameter used to be added by Chromium by misinterpretation of the spec, that's why there is a condition to fix work around that. Is curlftpfs automatically adding the -a parameter to LIST?

Also, just a tip: You can fork the project, make your changes and then create a pull request instead of sending a raw patch.

Niky4000 commented 2 years ago

Hi, we usually make merge requests at work. I didn't know about pull request. It's my first contribution at GitHub. I used FileZilla to test it. And FileZilla added that parameter to LIST. Then I tested it using curlftpfs as far as I remember and it also worked.

Guichaguri commented 2 years ago

Fair enough, thank you for your contribution :)