[wget-notify] [bug #22538] Mishandling of FTP URLS with .. at the
beginning of the path.
Micah Cowan
INVALID.NOREPLY at gnu.org
Mon Mar 10 12:44:59 PDT 2008
URL:
<http://savannah.gnu.org/bugs/?22538>
Summary: Mishandling of FTP URLS with .. at the beginning of
the path.
Project: GNU Wget
Submitted by: micahcowan
Submitted on: Monday 03/10/2008 at 12:44
Category: Protocol Issue
Severity: 4 - Important
Priority: 5 - Normal
Status: Confirmed
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: None
Operating System: None
Reproducibility: None
Fixed Release: None
Planned Release: 1.11.1
Regression: Yes
Work Required: 0 - Hours
Patch Included: None
_______________________________________________________
Details:
Here's the full message, with debug logs, sent to me via direct mail (because
the list server was rejecting it):
Hi Micah,
I've tried to post this reply to the mailing list but it's getting blocked by
SpamAssassin so having to reply directly - hope that's OK.
Richard
----------------------------------------------------------------------------------------------------------------------
Micah Cowan <micah <at> cowan.name> writes:
> I'd need to see the full logs (with --debug set) for both Wget 1.10.2
> and the working (via proxy) and not-working Wget 1.11 cases. Or else, an
> example URL that we can test directly that gives this behavior.
>
> I'll try to set up a similar test of my own when I have a chance, but
> the fact that it works when using a proxy makes me think that it's
> server-dependent behavior, so I'll probably still end up needing logs.
>
> --
> Micah J. Cowan
> Programmer, musician, typesetting enthusiast, gamer...
> http://micah.cowan.name/
>
Hi Micah,
Thanks for the reply. OK here goes with the debug logs. All the following is
from command:
wget --debug --user=xxxxxxx --password=xxxxxxxx
--output-document=access.20080309.gz
ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/../logs/access.20080309
============================================================
VERSION 1.10.2 - WORKS
Setting --user (user) to xxxxxxx
Setting --password (password) to xxxxxxxx
Setting --output-document (outputdocument) to access.20080309.gz
DEBUG output created by Wget 1.10.2 on solaris2.9.
--19:02:08--
ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/../logs/access.20080309.gz
=> `access.20080309.gz'
Resolving ftp.xxxxxxx.pwp.blueyonder.co.uk... 194.117.143.87, 194.117.143.85
Caching ftp.xxxxxxx.pwp.blueyonder.co.uk => 194.117.143.87 194.117.143.85
Connecting to ftp.xxxxxxx.pwp.blueyonder.co.uk|194.117.143.87|:21...
connected.
Created socket 5.
Releasing 0x00061680 (new refcount 1).
Logging in as xxxxxxx ... 220-Welcome to the Virgin Media PWP FTP servers.
The local time is Mon Mar 10 19:02:08 2008
Upload your website files in this directory.
You can change up a directory [cd ..] and access your logfiles.
To access your statistics you need to login via selfcare first at
http://selfcare.blueyonder.co.uk and view them via a browser.
Any problems with the service should be reported via the helpsite at
http://help.blueyonder.co.uk or in the blueyonder.support.pwp newsgroup.
220 ProFTPD 1.3.0rc2 Server (Telewest PWP) [172.23.166.50]
--> USER xxxxxxx
331 Password required for xxxxxxx.
--> PASS xxxxxxxx
230 User xxxxxxx logged in.
Logged in!
==> SYST ...
--> SYST
215 UNIX Type: L8
done. ==> PWD ...
--> PWD
257 "/htdocs" is current directory.
done.
==> TYPE I ...
--> TYPE I
200 Type set to I
done. changing working directory
Prepended initial PWD to relative path:
pwd: '/htdocs'
old: '../logs'
new: '/htdocs/../logs'
==> CWD /htdocs/../logs ...
--> CWD /htdocs/../logs
250 CWD command successful
done.
conaddr is: 194.117.143.87
==> PASV ...
--> PASV
227 Entering Passive Mode (194,117,143,87,164,107).
trying to connect to 194.117.143.87 port 42091
Created socket 6.
done. ==> RETR access.20080309.gz ...
--> RETR access.20080309.gz
150 Opening BINARY mode data connection for access.20080309.gz (7906 bytes)
done.
Length: 7,906 (7.7K) (unauthoritative)
0K ....... 100% 547.40
KB/s
Closed fd 6
226 Transfer complete.
Closed fd 5
19:02:08 (547.40 KB/s) - `access.20080309.gz' saved [7906]
============================================================
VERSION 1.11 - DOES NOT WORK
Setting --user (user) to xxxxxxx
Setting --password (password) to xxxxxxxx
Setting --output-document (outputdocument) to access.20080309.gz
DEBUG output created by Wget 1.11 on solaris2.9.
--2008-03-10 18:57:30--
ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/logs/access.20080309.gz
=> `access.20080309.gz'
Resolving ftp.xxxxxxx.pwp.blueyonder.co.uk... 194.117.143.87, 194.117.143.85
Caching ftp.xxxxxxx.pwp.blueyonder.co.uk => 194.117.143.87 194.117.143.85
Connecting to ftp.xxxxxxx.pwp.blueyonder.co.uk|194.117.143.87|:21...
connected.
Created socket 5.
Releasing 0x00060640 (new refcount 1).
Logging in as xxxxxxx ... 220-Welcome to the Virgin Media PWP FTP servers.
The local time is Mon Mar 10 18:57:34 2008
Upload your website files in this directory.
You can change up a directory [cd ..] and access your logfiles.
To access your statistics you need to login via selfcare first at
http://selfcare.blueyonder.co.uk and view them via a browser.
Any problems with the service should be reported via the helpsite at
http://help.blueyonder.co.uk or in the blueyonder.support.pwp newsgroup.
220 ProFTPD 1.3.0rc2 Server (Telewest PWP) [172.23.166.50]
--> USER xxxxxxx
331 Password required for xxxxxxx.
--> PASS xxxxxxxx
230 User xxxxxxx logged in.
Logged in!
==> SYST ...
--> SYST
215 UNIX Type: L8
done. ==> PWD ...
--> PWD
257 "/htdocs" is current directory.
done.
==> TYPE I ...
--> TYPE I
200 Type set to I
done. changing working directory
Prepended initial PWD to relative path:
pwd: '/htdocs'
old: 'logs'
new: '/htdocs/logs'
==> CWD /htdocs/logs ...
--> CWD /htdocs/logs
550 /htdocs/logs: No such file or directory
No such directory `logs'.
Closed fd 5
============================================================
VERSION 1.11 (THROUGH PROXY) - WORKS
Setting --user (user) to xxxxxxx
Setting --password (password) to xxxxxxxx
Setting --output-document (outputdocument) to access.20080309.gz
DEBUG output created by Wget 1.11 on solaris2.9.
--2008-03-10 18:59:10--
ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/logs/access.20080309.gz
Host `ftp.xxxxxxx.pwp.blueyonder.co.uk' has not issued a general basic
challenge.
Resolving webcache.virginmedia.com... 195.188.152.6
Caching webcache.virginmedia.com => 195.188.152.6
Connecting to webcache.virginmedia.com|195.188.152.6|:8080... connected.
Created socket 5.
Releasing 0x00060680 (new refcount 1).
---request begin---
GET ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/logs/access.20080309.gz HTTP/1.0
User-Agent: Wget/1.11
Accept: */*
Host: ftp.xxxxxxx.pwp.blueyonder.co.uk
---request end---
Proxy request sent, awaiting response...
---response begin---
HTTP/1.0 401 FTP Authentication Needed
WWW-Authenticate: Basic real="FTP server"
---response end---
401 FTP Authentication Needed
Closed fd 5
Inserted `ftp.xxxxxxx.pwp.blueyonder.co.uk' into basic_authed_hosts
Found webcache.virginmedia.com in host_name_addresses_map (60680)
Connecting to webcache.virginmedia.com|195.188.152.6|:8080... connected.
Created socket 5.
Releasing 0x00060680 (new refcount 1).
---request begin---
GET ftp://ftp.xxxxxxx.pwp.blueyonder.co.uk/logs/access.20080309.gz HTTP/1.0
User-Agent: Wget/1.11
Accept: */*
Host: ftp.xxxxxxx.pwp.blueyonder.co.uk
Authorization: Basic cmxlZWRlbjpyaWNobW9uZA==
---request end---
Proxy request sent, awaiting response...
---response begin---
HTTP/1.0 200 OK
Age: 0
Date: Mon, 10 Mar 2008 18:59:30 GMT
Content-Type: application/x-gzip
Last-Modified: Mon, 10 Mar 2008 02:07:16 GMT
Content-Type: application/x-gzip
Content-Encoding: x-gzip
---response end---
200 OK
Length: unspecified [application/x-gzip]
Saving to: `access.20080309.gz'
0K ....... 104K=0.07s
Closed fd 5
2008-03-10 18:59:10 (104 KB/s) - `access.20080309.gz' saved [7906]
============================================================
Hope that helps,
Richard
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?22538>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the wget-notify
mailing list