svn commit: r1782012 - in /commons/proper/net/trunk/src: changes/changes.xml main/java/org/apache/commons/net/ftp/FTPClient.java

Tue, 07 Feb 2017 07:33:54 -0800 

Author: sebb
Date: Tue Feb  7 15:33:35 2017
New Revision: 1782012

URL: http://svn.apache.org/viewvc?rev=1782012&view=rev
Log:
NET-610 FTPClient.mlistFile incorrectly handles MLST reply

Modified:
    commons/proper/net/trunk/src/changes/changes.xml
    
commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java

Modified: commons/proper/net/trunk/src/changes/changes.xml
URL: 
http://svn.apache.org/viewvc/commons/proper/net/trunk/src/changes/changes.xml?rev=1782012&r1=1782011&r2=1782012&view=diff
==============================================================================
--- commons/proper/net/trunk/src/changes/changes.xml [utf-8] (original)
+++ commons/proper/net/trunk/src/changes/changes.xml [utf-8] Tue Feb  7 
15:33:35 2017
@@ -79,11 +79,17 @@ This is mainly a bug-fix release. See fu
   Note also that if strict checking is disabled, some functions may 
unconditionally strip the next character after the code,
 without checking it if is a space.
 
+  The FTP client mlistFile() method now checks for a leading space before 
removing it.
+  If the space is missing, a MalformedServerReplyException is thrown.
+  This will only happen if the FTP server is not compliant with RFC 3659.
 
   Notable additions:
   The POP3Mail examples can now get password from console, stdin or an 
environment variable.
   
 ">
+            <action issue="NET-610" type="fix" dev="sebb" due-to="Sergey 
Yanzin">
+            FTPClient.mlistFile incorrectly handles MLST reply
+            </action>
             <action issue="NET-611" type="fix" dev="sebb">
             FTP does not validate command reply syntax fully
             </action>

Modified: 
commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java
URL: 
http://svn.apache.org/viewvc/commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java?rev=1782012&r1=1782011&r2=1782012&view=diff
==============================================================================
--- 
commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java
 (original)
+++ 
commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/FTPClient.java
 Tue Feb  7 15:33:35 2017
@@ -2507,7 +2507,15 @@ implements Configurable
     {
         boolean success = 
FTPReply.isPositiveCompletion(sendCommand(FTPCmd.MLST, pathname));
         if (success){
-            String entry = getReplyStrings()[1].substring(1); // skip leading 
space for parser
+            String reply = getReplyStrings()[1];
+            /* check the response makes sense. 
+             * Must have space before fact(s) and between fact(s) and filename
+             * Fact(s) can be absent, so at least 3 chars are needed.
+             */
+            if (reply.length() < 3 || reply.charAt(0) != ' ') {
+                throw new MalformedServerReplyException("Invalid server reply 
(MLST): '" + reply + "'");
+            }
+            String entry = reply.substring(1); // skip leading space for parser
             return MLSxEntryParser.parseEntry(entry);
         } else {
             return null;

Reply via email to