FTP: Cannot access files with visually-blacklisted characters in filename |
||
Issue descriptionChrome Version: 67.0.3396.62 OS: Linux What steps will reproduce the problem? (1) Host a file called "🔒.txt" on an FTP server [see below]. (2) Visit the FTP server in Chrome using the ftp: URL scheme. (3) Click the file. What is the expected result? The file contents is shown. What happens instead? ERR_FTP_FAILED This is the same problem as we saw in Issue 585422 , but for ftp: URLs instead of file: URLs. See Issue 849998 for details of the high-level problem. GetRequestPathForFtpCommand in net/ftp/ftp_network_transaction.cc uses URL_SPECIAL_CHARS_EXCEPT_PATH_SEPARATORS which is designed for visual URL displays and avoids decoding characters that might result in visual spoofs. Should use UnescapeBinaryURLComponent instead.
,
Jun 7 2018
I logged the TCP stream with Wireshark. Here's opening a normal file with Unicode filename (C is Chrome, S is server): C: SIZE /ä½ å¥½.txt S: 213 8 C: CWD /ä½ å¥½.txt S: 550 Failed to change directory. C: PASV S: 227 Entering Passive Mode (127,0,0,1,78,163). C: RETR /ä½ å¥½.txt S: 150 Opening BINARY mode data connection for /ä½ å¥½.txt (8 bytes). S: 226 Transfer complete. Here's opening 🔒.txt: C: SIZE /%F0%9F%94%92.txt S: 550 Could not get file size. C: CWD /%F0%9F%94%92.txt S: 550 Failed to change directory. C: PASV S: 227 Entering Passive Mode (127,0,0,1,215,152). C: RETR /%F0%9F%94%92.txt S: 550 Failed to open file. As I suspected, Chrome is failing to decode those percent-encoded bytes, and sending that as an FTP path, which is meaningless in the FTP protocol.
,
Jun 7 2018
Worth noting that FTP doesn't even specify a character set, so non-UTF-8 names are valid, too. |
||
►
Sign in to add a comment |
||
Comment 1 by mgiuca@chromium.org
, Jun 7 2018