Opened 20 years ago

Last modified 20 years ago

#768 closed Bug report

invalid folder creation bug

Reported by: running_pinata Owned by:
Priority: critical Component: Unknown
Keywords: Cc: running_pinata, madkat, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

I run an anonymous ftp, however some random users are
able to create bad directory names (directory names
beginning with spaces and with trailing spaces) thus
not being able to delete them later. Tried deleting the
directory from windows explorer and no dice. Seems bad
directory names are made regardless if the MKD command
was a valid folder name. Log attached.

Attachments (1)

moo.txt (93.3 KB ) - added by running_pinata 20 years ago.

Download all attachments as: .zip

Change History (3)

by running_pinata, 20 years ago

Attachment: moo.txt added

comment:1 by madkat, 20 years ago

I think the issue is not the leading/trailing spaces, but
the BIOS Device names inside them. Though it may be a good
idea to trim spaces from the starts/ends of the names, and
perhaps even convert additional spaces to underscores.

Would be a good feature to have - banned words in folder
names. Should default to a list of (whole word only) aux,
aux0 ... aux99, prn, prn0 ... prn99, con, con0 ... con99,
nul, nul0 ... nul99, lpt, lpt0 ... lpt99, com, com0 ...
com99, ".", "..", "..."
I've had a similar problem in the past when running Serv-U,
and it's a trick people use to host illegal files on public
FTPs. The only ways to get rid of them are to format the
disk, or use a disk editor app to alter the file table
(which is risky!)
Should also disallow characters <32 and >127 in all commands.

comment:2 by Tim Kosse, 20 years ago

This bug report has been closed due to inactivity and has possibly
already been solved.

You can reopen this report if the issue still exists in the
latest version of FileZilla (Server).

Note: See TracTickets for help on using tickets.