Skip to content

FTP: More EPLF 'm' timestamp parsing fixes #2207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MegaManSec wants to merge 13 commits into
base: master
Choose a base branch
from
Open

FTP: More EPLF 'm' timestamp parsing fixes #2207

MegaManSec wants to merge 13 commits into from
+19 −14

Conversation

@MegaManSec
Copy link
Contributor

@MegaManSec MegaManSec commented Sep 7, 2025
edited by rousskov
Loading

The m case in ftpListParseParts() reversed the strtol() validity
check. We broke out when any digits were consumed instead of only when
no conversion happened. As a result, valid epoch timestamps were treated
as invalid and p->date was often left unset.

Also guard against ctime() returning nil and avoid null pointer
dereference if no newline is present in ctime() output.

Also reject m entries with trailing garbage.

@squid-anubis

This comment was marked as resolved.

Sign in to view
@squid-anubis squid-anubis added the M-failed-description https://github.com/measurement-factory/anubis#pull-request-labels label Sep 7, 2025
@MegaManSec MegaManSec changed the title FtpGateway: fix 'm' timestamp parsing; guard ctime(); trim safely FtpGateway: fix 'm' timestamp parsing; guard ctime() Sep 7, 2025
@squid-anubis squid-anubis removed the M-failed-description https://github.com/measurement-factory/anubis#pull-request-labels label Sep 7, 2025
yadij
yadij previously approved these changes Sep 8, 2025
View reviewed changes
Copy link
Contributor

@yadij yadij left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"good enough". Long-term we need to replace the parsing with a Tokenizer.

@yadij yadij added M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels S-could-use-an-approval An approval may speed this PR merger (but is not required) backport-to-v7 maintainer has approved these changes for v7 backporting labels Sep 8, 2025
@yadij yadij changed the title FtpGateway: fix 'm' timestamp parsing; guard ctime() FTP: fix 'm' timestamp parsing; guard ctime() Sep 8, 2025
rousskov
rousskov requested changes Sep 8, 2025
View reviewed changes
Copy link
Contributor

@rousskov rousskov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@eduard-bagdasaryan, please run this PR through the tests that you did for recent commit 965e255. I am a bit surprised that the reversal of that tmp condition has not affected those tests; I am not claiming that the official condition was correct.

@rousskov rousskov removed M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels S-could-use-an-approval An approval may speed this PR merger (but is not required) labels Sep 8, 2025
@MegaManSec MegaManSec requested a review from rousskov September 8, 2025 21:37
yadij
yadij requested changes Sep 9, 2025
View reviewed changes
@yadij yadij added the S-waiting-for-author author action is expected (and usually required) label Sep 9, 2025
rousskov
rousskov requested changes Sep 9, 2025
View reviewed changes
@rousskov rousskov changed the title FTP: fix 'm' timestamp parsing; guard ctime() FTP: More EPLF 'm' timestamp parsing fixes Sep 9, 2025
@eduard-bagdasaryan
Copy link
Contributor

eduard-bagdasaryan commented Sep 18, 2025

run this PR through the tests

Done, no problems were found.

@MegaManSec MegaManSec requested a review from rousskov October 20, 2025 09:36
@MegaManSec MegaManSec requested a review from yadij October 20, 2025 09:36
rousskov
rousskov previously requested changes Oct 22, 2025
View reviewed changes
@MegaManSec MegaManSec requested a review from rousskov October 31, 2025 17:18
@rousskov rousskov added S-waiting-for-reviewer ready for review: Set this when requesting a (re)review using GitHub PR Reviewers box and removed S-waiting-for-author author action is expected (and usually required) labels Oct 31, 2025
rousskov
rousskov reviewed Oct 31, 2025
View reviewed changes
@rousskov rousskov dismissed their stale review October 31, 2025 21:23

My primary concerns have been addressed.

@rousskov
Copy link
Contributor

rousskov commented Oct 31, 2025

I adjusted PR description a little to mention trailing garbage handling and to avoid retelling the fairly clear diff when it comes to strstr() refactoring. I am not against adding some text about that refactoring though.

kinkie
kinkie approved these changes Nov 2, 2025
View reviewed changes
rousskov
rousskov reviewed Nov 3, 2025
View reviewed changes
src/clients/FtpGateway.cc
Comment on lines +712 to +713
if (*secondsEnd && *secondsEnd != ',')
break; // trailing garbage after the seconds value
Copy link
Contributor

@rousskov rousskov Nov 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alex: I wonder whether whitespace ought to be allowed after the mNNN value.

Francesco: A quick reading of https://cr.yp.to/ftp/list/eplf.html says no, it ought not be allowed

Agreed. However, the same document also prohibits NUL after the mNNN value -- it requires a comma, even if m is the last fact in the list of facts. Thus, AFAICT, this code should become something like this:

Suggested change
if (*secondsEnd && *secondsEnd != ',')
break; // trailing garbage after the seconds value
if (!secondsEnd || *secondsEnd != ',')
break; // missing comma terminator after the `m` fact value

Ideally, this check should be placed after seconds validation currently located below.

@yadij yadij mentioned this pull request Nov 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rousskov rousskov rousskov left review comments

@kinkie kinkie kinkie approved these changes

@yadij yadij Awaiting requested review from yadij

+1 more reviewer

@eduard-bagdasaryan eduard-bagdasaryan eduard-bagdasaryan approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

backport-to-v7 maintainer has approved these changes for v7 backporting S-waiting-for-reviewer ready for review: Set this when requesting a (re)review using GitHub PR Reviewers box

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@MegaManSec @squid-anubis @eduard-bagdasaryan @rousskov @kinkie @yadij