Description
The new implementation of FTPClient.printWorkingDirectory() which tries to follow RFC959 is invalid and can return unescaped or invalid path in certain circumstances. According to the commentary, the author interpreted the RFC that the output is always constructed in the following way:
257<space>"<directory-name>"<space><commentary>
Where any double quotes within the directory name are doubled.
First issue: the RFC does not state that the output for PWD looks exactly like this, but that the reply code is the same, as for MKD. Especially, PWD does not return any commentary, and VSFTPD server (which I'm trying to talk to) does not print out the terminating space, but ends up the output on the last double quote. The algorithm uses the following code to detect the end of the quoted path:
int end = reply.lastIndexOf("\" ");
If there is no terminating space, the last double quote cannot be found, and as a result, the method returns the unescaped directory name:
"/foo"
instead of
/foo
Second issue: the current implementation would not work in case of the following directory:
/Foo/Bar" /Joe
PWD command output:
257 "/Foo/Bar"" /Joe"
Value returned by printWorkingDirectory():
/Foo/Bar"
Note to the administrators: the problem has been found in commons-net 3.2 version, but JIRA claims it is unreleased and does not allow me to choose it.
Attachments
Issue Links
- is duplicated by
-
NET-502 Apache FTPClient doesn't handle common responses to PWD
-
- Closed
-