Closed Bug 119071 Opened 23 years ago Closed 23 years ago

Can not ftp files from / on Cobalt web server

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9.9

People

(Reporter: mozilla, Assigned: andreas.otte)

References

Details

Attachments

(2 files)

patch to fix the problem
2.46 KB, patch
bbaetz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
another patch as described above, working around the wrong urls in tinderbox
5.64 KB, patch
bbaetz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.7+) Gecko/20020108 BuildID: 2002010803 My web site is located on a Cobalt rackmounted server. To use ftp to access the log files I have to use the following instructions; ****************** Site Administrator FTP instructions ****************** This session begins in your user home directory at /users/dmccormack Your personal web directory is /users/dmccormack/web, accessible at the URL http:///~dmccormack/ As a site administrator, you can access the site home directory at / The site web directory is /web, accessible at the URL http:/// To upload to your personal web directory, type: "cd web", then "put ", where is the full file name of the document on your local computer. To upload to the site web directory, type: "cd /web", then "put " where is the full file name of the document on your local computer. ************************************************************************* Mozilla does not allow me to move higher than the initial starting folder though. Reproducible: Always Steps to Reproduce: Entering the address ftp://dmccormack:<password>@ftp.zamang.co.uk/../../logs in the address text box. Actual Results: I get the error message '/users/dmccormack/logs: No such file or directory'. Expected Results: I would have expected this to login (once I've entered the correct password), to have the current folder as /users/dmccormack then cd ../ twice up to /. It should then list the main folders in the root folder. It appears that Mozilla is ignoring the ../../ and preventing me from using Mozilla to access any of the admistrator files. I've tried this address in MSIE 6 and it is accepted. Though it might be broken behaviour on IE's part.
andreas - is this related to yuor fix for bug 84242?
Assignee: bbaetz → andreas.otte
Hm ... I don't think so. It's more a problem that we normalize the url while parsing it and part of that is to get rid of ../.. and similar stuff. One special thing: We don't go above the starting point, anything doing that will get dropped and that seems to happen here. What we do is okay for http, but maybe wrong for ftp. David: What url is displayed in the adress bar when you start with ftp://dmccormack:<password>@ftp.zamang.co.uk/../../logs after the error message ?
Andreas: After the error message is displayed the address stays the same as entered, 'ftp://dmccormack:<password>@ftp.zamang.co.uk/../../logs'.
Okay, I was able to reproduce it myself. The url in the adressbar seems not to be updated. I'm now pretty sure the problem is as I described above. The problem really seems to be that we normalize absolute as well as relative urls. For relative urls RFC 2396 says: If the resulting buffer string still begins with one or more complete path segments of "..", then the reference is considered to be in error. Implementations may handle this error by retaining these components in the resolved path (i.e., treating them as part of the final URI), by removing them from the resolved path (i.e., discarding relative levels above the root), or by avoiding traversal of the reference. and also: Parsers must be careful in handling the case where there are more relative path ".." segments than there are hierarchical levels in the base URI's path. Note that the ".." syntax cannot be used to change the authority component of a URI. ... In practice, some implementations strip leading relative symbolic elements (".", "..") after applying a relative URI calculation, based on the theory that compensating for obvious author errors is better than allowing the request to fail. Thus, the above two references will be interpreted as "http://a/g" by some implementations. Mozilla discards relative levels above the root. However we may be in error to also subject absolute URLs to this kind of normalisation. I could not find anything in RFC 2396 that says that absolute urls are also subject to this part of the algorithm to resolve relative urls. ccing darin on this.
Status: UNCONFIRMED → NEW
Ever confirmed: true
David: as a quick workaround you can probably set up a soft link to / in your home dir... that way you can still use mozilla to access files outside your home directory. andreas: seems to me that "ftp://user:pass@foo.com/../../bar" should be valid. only the FTP server knows otherwise. our coalescing logic needs to be smarter to not collapse ../'s when it would change the resource being referenced. a change like this would probably be ok for http, though i can't imagine it being useful in practice. another thing is to consider security issues... are there any we need to consider here? nothing comes to mind, but we should be careful.
A security problem with http might arise when the webserver would allow ../../ GETs to move to a level above the root of the webserver. But that would be a bug with the webserver ...
This patch to CoalesceDirs does not drop to much /.. instead it leaves them in the path. Darin could you take a look? This works now with the travesal variable which counts the hierachies.
Comment on attachment 64667 [details] [diff] [review] patch to fix the problem sr=darin
Attachment #64667 - Flags: superreview+
Bradley, want to give a r=, already have sr= from darin
Comment on attachment 64667 [details] [diff] [review] patch to fix the problem This looks fine. PRUint32 instead of int, and use --traversal intsead of traversal--, (and ++foo intead of foo += 1). r=bbaetz if you've tested.
Attachment #64667 - Flags: review+
incorporated bbaetz suggestions, tested again with standard urltest tests and some special cases. fix checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
I think the fix for this bug broke the relative links (the dates) on the right side of http://tinderbox.mozilla.org/showbuilds.cgi?tree=SeaMonkey . I'd be surprised if it didn't break other sites as well. Could it be limited to FTP? What do the URI and URL RFCs say?
...or, now that I read the bug more carefully, perhaps it could be limited to absolute URLs only?
ok, i backed out the patch. we need to figure out how relative paths are getting into CoallesceDirs and determine if they either need to be stopped from doing so, or if CoallesceDirs needs to also know how to deal with them :-(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Hmmm ... sorry I had to sleep for three hours ... it should be okay for both absolute and relative urls. The problems seems to be if the absolute url does not end with an / but the last part of the path is *meant* as part of the directory (but parsed as filname instead). Did not catch this case with urltest and also not with the other tests I did and I couldn't because it's correct what happens. My guess is we had this problem in the old version of CoalesceDirs too but dropping the ../ saved it. I could make tinderbox a case for tech evangelism. ;-)
Further looking into this ... it's not exactly what I thought first, the html generated by the tinderbox script seems to be bogus, please correct me if I'm wrong here. The base-url is: http://tinderbox.mozilla.org/showbuilds.cgi?tree=SeaMonkey The directory part is /. The generated html contains then: <tt> <a HREF='showlog.cgi?log=SeaMonkey/1011167160.20268.gz' onclick="return log(event,0,'1011167160.20268.gz');">L</a> <a href=../bonsai/cvsquery.cgi?module=MozillaTinderboxAll&date=explicit&mindate=1011165060&maxdate=1011167159>C</a></tt> or <td> <a href='../registry/who.cgi?email=law%25netscape.com&d=MozillaTinderboxAll|HEAD|/cvsroot|1011162660|1011162840' onclick="return who(event);">law</a> </td> Both hrefs are not correct since they reference stuff above the root level of the http server. Simply dropping the /.. in CoalesceDirs fixed the html in this page only by accident. If nobody objects I will file a tech evangelism bug against mozilla.org shortly, I always wanted to do that ... ;-)
showbuilds.cgi?tree=SeaMonkey is the same as http://tinderbox.mozilla.org/Seamonkey/, I think, or something similar. Doesn't the HTTP spec say something about these forms of urls?
That looks very much like the first URL I saw at home: http://tinderbox.mozilla.org/Seamonkey Note, it is without the / at the end, so my first comment after the backout would apply with the same result: wrong HTML. See comment 4 for info what the spec says. We simply changed from dropping to leaving.
The problem seems to be that there are different access paths to tinderbox information: http://tinderbox.mozilla.org/showbuilds.cgi?tree=SeaMonkey and http://tinderbox.mozilla.org/SeaMonkey/ The second one would work fine with the patch since it puts the base url at the right level. The first one seems to be the problem, the generated relative urls do not fit the base url. Previously we silently ignored this error ...
But wouldn't you expect that some other sites have the same problem, since it seems that all browsers handle such URLs the same way?
I don't expect it to see this in very much cases, since this clearly is a very visible error, base url and relative urls simply do not fit together. All this sites are cases for tech evangelism. I would like to do the following: 1. Get tinderbox fixed 2. Check in the patch again shortly after the 0.9.8 branch 3. See which (if any!) sites else have problems. What we do is clearly within the bounderies of RFC 2396: If the resulting buffer string still begins with one or more complete path segments of "..", then the reference is considered to be in error. Implementations may handle this error by retaining these components in the resolved path (i.e., treating them as part of the final URI), by removing them from the resolved path (i.e., discarding relative levels above the root), or by avoiding traversal of the reference.
I looked again and both versions are off by one level ... time to file another bug.
Depends on: 120396
As a quick solution we could add CoalesceDirsAbs to nsURLHelper which works like the CoalesceDirs in the patch. We would call that version while normalizing absoulte urls and call the original CoalesceDirs while resolving relative urls.
i agree... this sounds like a good plan to me. i do wish the code could be shared a bit more, but perhaps that would just result in something less efficient?? andreas: your comment is that this might be a good quick solution... what do you have in mind long term? sr=darin
Attachment #65454 - Flags: superreview+
The right solution in my opinion is of course the first patch. There is nothing wrong with it, it just found a big bug in the pages generated by tinderbox, because we are no longer so forgiving about ill formed relative urls. The second patch is only forgiving when doing resolutions of relative urls. My intention of course is to get in the first patch *after* tinderbox is fixed.
bbaetz, want to r= again?
Moving to 0.9.9
Target Milestone: --- → mozilla0.9.9
andreas: actually, if tinderbox is/was abusing this then i suspect other web sites probably do as well. so, i'm not sure it is worth it to try to land the original patch. what is wrong with the latest patch?
There is nothing wrong with it. I just think it is doing uri-fixup (by accident) that it should not do. Embedded links in a html page (as opposed to something the user types into the urlbar) should follow a certain minimal standard, and such (relative) urls are simply wrong. Doing this kind of "fixup" violates in my opinion all that mozilla stands for.
Doug, want to r= the second patch?
well, try this argument: ~$ cd /home /home$ cd / /$ cd ../../../../home /home$ cd /../../../home /home$ The filesystem does it, so why shouldn't uris? Anyway, the second patch is OK, I think. I'm a bit concerned about the #ifdef XP_WIN stuff, though - does that handle all cases? I don't know anything about windows charset handling.
I did not change the #ifdef XP_WIN stuff. So it should be okay if it is okay in the old CoalesceDirs. RFC 2396 clearly states that such an URI is wrong. Allowing it (and silently modifying it to something that *may be* correct) would just promote lazyness. I simply don't like it. For now I will go with the second patch and if it is checked in I will close this bug, but I will open a new one on the issue, ask around in the netlib newsgroup, ....
let bradley review the second since he reviewed the first.
Comment on attachment 65454 [details] [diff] [review] another patch as described above, working around the wrong urls in tinderbox OK. r=bbaetz
Attachment #65454 - Flags: review+
fix checked in
Status: REOPENED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED
Keywords: testcase
Keywords: testcase
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: