Fix bug #72667

Ville Hukkamäki · nikic · commit cce457c68c3a · 2016-07-27T15:55:47.000+02:00
Open data stream after receiving PASV reply, before sending the
main request.

Included test cases for opendir() with ftp:// and ftps:// wrappers.
Test cases re-use ext/ftp/tests/server.inc

Conflicts:
	ext/standard/ftp_fopen_wrapper.c
diff --git a/NEWS b/NEWS
@@ -57,6 +57,8 @@ PHP                                                                        NEWS
 - Streams:
   . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
   . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
+  . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
+    non-existent directories). (vhuk)
 
 - SPL:
   . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
diff --git a/ext/ftp/tests/cert.pem b/ext/ftp/tests/cert.pem
@@ -1,48 +1,49 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCUFQxCzAJBgNVBAgTAkx4MQswCQYDVQQH
-EwJMeDEcMBoGA1UEChMTQSBtaW5oYSBlbXByZXNhLCBTQTEUMBIGA1UECxMLUEhQ
-IFFBIFRlYW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM9mfEOSYwXf58ch
-4NyO1QOU1XMfquz8OVpvMUITABLAevZpeQn6vZPHNyXHFQC0QC8scydK1rAYd2U+
-9K2aPub6ioMjYyjPpAE07l9EAAPUEBlqqsziB/wT8QjWkByyJEkYu+o0Wyjokhfn
-BMPvm52wLWUx9nvUeNDCftnKg1wxAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQDD
-s1FeqPxnF2bWj8/dG8MyPaRfOAMVz1UsCZUciXIVG5LSIvR2qnMC3iEYt3s13sEq
-z8VJlNHa8nniE+VFNv093yIu+PlWXMEvb5y5EFqP2AYq3RAT+SJsSxGqIdzPZiKY
-INaktLCZmQ/E1v7/4hFzVRq9ydJI82DVS1nv282Whw==
------END CERTIFICATE REQUEST-----
 -----BEGIN CERTIFICATE-----
-MIIC4zCCAkygAwIBAgIBADANBgkqhkiG9w0BAQQFADBbMQswCQYDVQQGEwJQVDEL
-MAkGA1UECBMCTHgxCzAJBgNVBAcTAkx4MRwwGgYDVQQKExNBIG1pbmhhIGVtcHJl
-c2EsIFNBMRQwEgYDVQQLEwtQSFAgUUEgVGVhbTAeFw0wNjExMTkxODIzNTNaFw0w
-NzExMTkxODIzNTNaMFsxCzAJBgNVBAYTAlBUMQswCQYDVQQIEwJMeDELMAkGA1UE
-BxMCTHgxHDAaBgNVBAoTE0EgbWluaGEgZW1wcmVzYSwgU0ExFDASBgNVBAsTC1BI
-UCBRQSBUZWFtMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPZnxDkmMF3+fH
-IeDcjtUDlNVzH6rs/DlabzFCEwASwHr2aXkJ+r2TxzclxxUAtEAvLHMnStawGHdl
-PvStmj7m+oqDI2Moz6QBNO5fRAAD1BAZaqrM4gf8E/EI1pAcsiRJGLvqNFso6JIX
-5wTD75udsC1lMfZ71HjQwn7ZyoNcMQIDAQABo4G2MIGzMB0GA1UdDgQWBBTIga5L
-q+Ub1SWXgNZRYCpq3c8Z+jCBgwYDVR0jBHwweoAUyIGuS6vlG9Ull4DWUWAqat3P
-GfqhX6RdMFsxCzAJBgNVBAYTAlBUMQswCQYDVQQIEwJMeDELMAkGA1UEBxMCTHgx
-HDAaBgNVBAoTE0EgbWluaGEgZW1wcmVzYSwgU0ExFDASBgNVBAsTC1BIUCBRQSBU
-ZWFtggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAe6AA8aC3KDI8
-smd+7XWjaTSp1Q0uMkEZ2PEBzif2I1aPPqw1CQykJ1iDdC/8PJ1yEIezloP2XQoZ
-NjTaCO+uubay03ncoPTZvDUwExN9BYFAYgc2z3tLMHYbA7kM2sIbKys7ZQegLibr
-TSKYQOBeYA/FB9GHECJGU3zBRvYi+Og=
+MIIDhTCCAm2gAwIBAgIJAN75FFz+owOAMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCTEyNy4wLjAuMTAeFw0xNjA3MjUxMjM3
+MTJaFw0yNjA3MjMxMjM3MTJaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMMCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtG
+AIrNUDItISfpAqztL2TFEWEHLGTzCEh5Ag2sdMD7UYbqIPHLOE4EINv+dqEMM0Nz
+LYnw7ChtVegXT907xCaQcmeDFSdhqze4L8zawDfnn4syB8XAwGYJfpstYwe3nO6+
+0WvLSb1A5TYNeyoXjwlAUKElxkeWAo51uhR41GDhDQ9GgpqX1ccAhmSoUhgIRSzf
+6f4KE3WTdzl1p12ZtkYHB8Jo2jB/JXnwGOz6isLnpRvkex4B7sUX+7u1MqK/e1X7
+Hi1G/VkaAfC2SOfjTePtGBDBXrQ1arYXDPRA04sgFzSh55l7lC/4HasQ/jAb3h95
+dcEIqyc69iioaN1c1NcCAwEAAaNQME4wHQYDVR0OBBYEFNv3kefb1H+6/6CpjiBi
++I2s9E90MB8GA1UdIwQYMBaAFNv3kefb1H+6/6CpjiBi+I2s9E90MAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIzSEWpHSaBs7KduBRXX5+qFxBN6OCPl
+7ID0rxAOYfw7ruzbmwgOpBgMIHGn+KqA6CmQI0jh9bZbv5TV2aFpFsUihugPc2lW
+5EshCozxlEPmIJNsO8jDqPE4w3m4KiVTscRWjBa5cco+lwLDqboerm2l7vvrtr6B
+pgLaZct1c73MouvoJSCGK5EOGW7jsgaxjxJ3UZug+24Ko1wulO2cgBLhda9Ilrnx
+CIKI9h8Z2WVWuVQfyCyO1g7XkJgkBec77OhxD+m4onzPY6waqnnhmFOBcS+gKgBV
+jHeK9DCvZ9zet3EyEp6fyQOOtsC+gU0piYgfsQL7aCp5oLe+fjTiuUY=
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,928762DB6DE222AD
-
-oOxNUBX0wrqmRqb3IEZMogc1bnVm6JoW6YFjGfHNcIz0jS7UPDhUFDR26y0dYujL
-LEgxOcYo8ItvGcXSRbs+3W7lISbosgkB0DOaKx5jVmOGwUVRergUUSY8rbf93FtP
-27CEvAfsU6do5HmlJ34mYZW1k+onCznlJXJkupQ5jmiily3GwEdr/5mMIVOmXQ6p
-xWkxHySDKyVbR0v4JY3SJLRBuhgofYNG5155PiqZ7KwYY4Aw60eVgINsvJCF9/8b
-kEj+lecHbBdAf7N82320Ga+F+VeFnUl0gWFjoIF9UFCO80+7ZvIGdGlyPkr4zMvt
-TsC1snJQdHg+IlT3sGayYrQANpTG6GPYhn3KEvK5aqq+bPEe5lija0gw34jbPCo+
-TjHR76lToxzubGZODyyF/rjl5KwUbqTCNuv1PX1jTx7n7sCbu+KHpqXMhTHLKtby
-+Wh7WAfsVrbIW+P85/mkfhPbPZ2621f9cyStdFGgWU4dHdD00HIGOgAJvUSbC2Au
-oVUoKf2818t1s9aA4ptog04sNi+Ixu+z+3yYNLZj51j4ZX3KuXxLIiQvlvFQ8LQi
-RHGQk3u2W3iNtDKKUQjMPaB2FlVtC7FmtHBCpRmos6ld240DDyucqMdIDTMaqV0+
-sL4X+LIeBM/hP/IquRTuQBHBmgjkN4845ihTUJOanyKx605ANq/roHzXrbIxhR5p
-pcJLCBMLMWgdOCJMZRavSq04iXeNfP6Mk/joVpHS62Ljdfc94BBLfsOKOErA20Nq
-lfvbZqy2tI5IIDoq05S8FU0DYNqq/hyrv9Udo8IAo+WkBOABm0x/WA==
------END RSA PRIVATE KEY-----
- 
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7RgCKzVAyLSEn
+6QKs7S9kxRFhByxk8whIeQINrHTA+1GG6iDxyzhOBCDb/nahDDNDcy2J8OwobVXo
+F0/dO8QmkHJngxUnYas3uC/M2sA355+LMgfFwMBmCX6bLWMHt5zuvtFry0m9QOU2
+DXsqF48JQFChJcZHlgKOdboUeNRg4Q0PRoKal9XHAIZkqFIYCEUs3+n+ChN1k3c5
+daddmbZGBwfCaNowfyV58Bjs+orC56Ub5HseAe7FF/u7tTKiv3tV+x4tRv1ZGgHw
+tkjn403j7RgQwV60NWq2Fwz0QNOLIBc0oeeZe5Qv+B2rEP4wG94feXXBCKsnOvYo
+qGjdXNTXAgMBAAECggEAD7yDISa9fWnjZlojGmrX16zjl/alWVo+sPBSJtn9+ZVk
+tWSJHihIc+3O4Q2R5FiFGj7cbcHr5j3BwT3sPRfflKoAowgVx/hiDc2RXrJnAouZ
+EXZDxu86e5iCpgF7V9OrATjRmjA74wZH/HHHjrLqFwnrfI8TCULmthfYag35Mqax
+qrIEzvSuYdaGxblNe+ZfnVEDW2F9DLBGcma0ffUlJp8AvV7bpo8Rj/JovPxit/VS
+UdwSRxwSAugctFpmcGlFkoQfxUx1WdEy8hjopLrayMjCCJvRUL4+C4zT9r9PBHOj
+fCSbJ+ajQIoRrgaL9bURk8BFMHY8+yMUsWEYVSmFAQKBgQDtOvPkhvZsNocUB5nJ
+ti3SXyDQ6OZQuKKHPSeDV/EvmZKeNlrQ1ZnwXLP3vkcedDOkt1nEVq/hUewpjt08
+2MvmMwJBQEnmbTzMf43DtlXsStdP1lhYaFbU4iMM5zRfyBHDu1GPZEPXvKKpJUk0
+M+jYIyTAP3mcZhqDKn0mPVP7VwKBgQDKFy9DtWFKxCvhFQvHx7YeZiVWJbIst/O4
+ZyuPVAErni0hzSeCkmm7+F9hgEdPSLRcSaeTWP4L0u1cixECKboIhoNs38aft7o3
+MdnI2RDSEKtKX2uVuhvpGDNuGpBAc8Qu8iCiv5INSC36ZhD1h++O/TiiUdgRJ3yX
+yeG7ej+CgQKBgCR5F95e0aw5hfMSaBaXJ9xcO9Niu2ZVvMdGI7kR4EcNOXmRqczJ
+ym0mE5VXb9/Cxd3hQq/pFAl0avbIvEMKoe62kPYvSC1hRiO6yLT6Z6N4rjncHqEZ
+CaCZVAI72dWQEQsi1ZtSMwwMOIYA8YxRHs98N75HBA+DszfPZIZoj2zpAoGBAJHp
+B3ElhmeLF/tdTLIj2bQ9H/wBH5H2Bvw/UU4c4vNxMzjSfRJjUAAtpgAptFLkNYTk
+kR9sA5DZ7BMDPXaIVg9Nv5peP3SWHNc5IPtI7kIdUu9R0cW7J+e2V3vJphlC/ITA
+wRuAoZ0BXmEKTHhae3aMEdXwrcZE8kpNsrO/4hcBAoGBAMISiPJPuxAX1UtqcxTa
+mDJfnQ2gxRu6AK9VmXqo0X4IBxDSnTjcL0huUlS849wgsE5oTXgdYb2hn+TXM5JJ
+NsEXLhV09X1mrk4M4LV1npd0mYxvFsO4+p+IX5YLiahInmQtq0gx3DWE8wouVFER
+4yzfp27z8MZT8Qvr/ZI9lzWd
+-----END PRIVATE KEY-----
diff --git a/ext/ftp/tests/server.inc b/ext/ftp/tests/server.inc
@@ -2,7 +2,7 @@
 
 $socket = null;
 $errno = 0;
-$context = stream_context_create(array('ssl' => array('local_cert' => dirname(__FILE__).'/cert.pem', 'passphrase' => 'pass')));
+$context = stream_context_create(array('ssl' => array('local_cert' => dirname(__FILE__).'/cert.pem')));
 
 for ($i=0; $i<10 && !$socket; ++$i) {
 	$port = rand(50000, 65535);
@@ -265,7 +265,7 @@ if ($pid) {
 
 		} elseif (preg_match("~^NLST(?: ([A-Za-z./]+))?\r\n$~", $buf, $m)) {
 
-			if (isset($m[1]) && $m[1] === 'bogusdir') {
+			if (isset($m[1]) && (($m[1] === 'bogusdir') || ($m[1] === '/bogusdir'))) {
 				fputs($s, "250 $m[1]: No such file or directory\r\n");
 				continue;
 			}
@@ -276,13 +276,18 @@ if ($pid) {
 				continue;
 			}
 
-			fputs($s, "150 File status okay; about to open data connection\r\n");
-
-			if (!$fs = stream_socket_client("tcp://$host:$port")) {
-				fputs($s, "425 Can't open data connection\r\n");
-				continue;
+			if (empty($pasv)) {
+				fputs($s, "150 File status okay; about to open data connection\r\n");
+				if (!$fs = stream_socket_client("tcp://$host:$port")) {
+					fputs($s, "425 Can't open data connection\r\n");
+					continue;
+				}
+			} else {
+				fputs($s, "125 Data connection already open; transfer starting.\r\n");
+				$fs=$pasvs;
 			}
 
+
 			if (empty($m[1]) || $m[1] !== 'emptydir') {
 				fputs($fs, "file1\r\nfile1\r\nfile\nb0rk\r\n");
 			}
@@ -368,7 +373,7 @@ if ($pid) {
                                         }
 					fputs($s, "226 Closing data Connection.\r\n");
                                         break;
-                case "mediumfile":
+				case "mediumfile":
 					fputs($s, "150 File status okay; about to open data connection.\r\n");
 					for($i = 0; $i < 150; $i++){
 						fputs($fs, "This is line $i of the test data.\n");
@@ -384,13 +389,26 @@ if ($pid) {
 
 
 		}elseif (preg_match('/^PASV/', $buf, $matches)) {
-			$port = $pasv_port;
-			$p2 = $port % ((int) 1 << 8);
-			$p1 = ($port-$p2)/((int) 1 << 8);
+			$pasv=true;
+			$p2 = $pasv_port % ((int) 1 << 8);
+			$p1 = ($pasv_port-$p2)/((int) 1 << 8);
 			$host = "127.0.0.1";
+			if (!empty($ssl)) {
+				$soc = stream_socket_server("tcp://127.0.0.1:$pasv_port", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
+			} else {
+				$soc = stream_socket_server("tcp://127.0.0.1:$pasv_port");
+			}
+
 			fputs($s, "227 Entering Passive Mode. (127,0,0,1,{$p1},{$p2})\r\n");
 
+			$pasvs = stream_socket_accept($soc,10);
+
+			if ((!empty($ssl)) && (!stream_socket_enable_crypto($pasvs, true, STREAM_CRYPTO_METHOD_SSLv23_SERVER))) {
+				die("SSLv23 handshake failed.\n");
+			}
 
+		}elseif (preg_match('/^EPSV/', $buf, $matches)) {
+			fputs($s, "550 Extended passsive mode not supported.\r\n");
 		} elseif (preg_match('/^SITE EXEC/', $buf, $matches)) {
 			fputs($s, "200 OK\r\n");
 
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
@@ -716,43 +716,47 @@ php_stream * php_stream_ftp_opendir(php_stream_wrapper *wrapper, const char *pat
 	if (result > 299 || result < 200)
 		goto opendir_errexit;
 
+	// tmp_line isn't relevant after the php_fopen_do_pasv().  
+	tmp_line[0] = '\0';
+
 	/* set up the passive connection */
 	portno = php_fopen_do_pasv(stream, ip, sizeof(ip), &hoststart TSRMLS_CC);
 
 	if (!portno) {
 		goto opendir_errexit;
 	}
 
-	php_stream_printf(stream TSRMLS_CC, "NLST %s\r\n", (resource->path != NULL ? resource->path : "/"));
-	
 	/* open the data channel */
 	if (hoststart == NULL) {
 		hoststart = resource->host;
 	}
+
 	datastream = php_stream_sock_open_host(hoststart, portno, SOCK_STREAM, 0, 0);
 	if (datastream == NULL) {
 		goto opendir_errexit;
 	}
 
-	result = GET_FTP_RESULT(stream);
-	if (result != 150 && result != 125) {
-		/* Could not retrieve or send the file 
-		 * this data will only be sent to us after connection on the data port was initiated.
-		 */
-		php_stream_close(datastream);
-		datastream = NULL;
-		goto opendir_errexit;	
-	}
-	
 	php_stream_context_set(datastream, context);
-
 	if (use_ssl_on_data && (php_stream_xport_crypto_setup(datastream,
 			STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 ||
 			php_stream_xport_crypto_enable(datastream, 1 TSRMLS_CC) < 0)) {
 
 		php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode");
 		php_stream_close(datastream);
 		datastream = NULL;
+		goto opendir_errexit;	
+	}
+
+
+	php_stream_printf(stream TSRMLS_CC, "NLST %s\r\n", (resource->path != NULL ? resource->path : "/"));
+
+	result = GET_FTP_RESULT(stream);
+	if (result != 150 && result != 125) {
+		/* Could not retrieve or send the file
+		 * this data will only be sent to us after connection on the data port was initiated.
+		 */
+		php_stream_close(datastream);
+		datastream = NULL;
 		goto opendir_errexit;
 	}
 
diff --git a/ext/standard/tests/streams/opendir-001.phpt b/ext/standard/tests/streams/opendir-001.phpt
@@ -0,0 +1,22 @@
+--TEST--
+opendir() with 'ftp://' stream. 
+--SKIPIF--
+<?php
+if (array_search('ftp',stream_get_wrappers()) === FALSE) die("skip ftp wrapper not available.");
+if (!function_exists('pcntl_fork')) die("skip pcntl_fork() not available.");
+?>
+--FILE--
+<?php
+
+require __DIR__ . "/../../../ftp/tests/server.inc";
+
+$path="ftp://localhost:" . $port."/bogusdir";
+
+var_dump(opendir($path));
+?>
+==DONE== 
+--EXPECTF--
+Warning: opendir(ftp://localhost:%d/bogusdir): failed to open dir: FTP server reports 250 /bogusdir: No such file or directory
+ in %s on line %d
+bool(false)
+==DONE==
diff --git a/ext/standard/tests/streams/opendir-002.phpt b/ext/standard/tests/streams/opendir-002.phpt
@@ -0,0 +1,31 @@
+--TEST--
+opendir() with 'ftp://' stream. 
+--SKIPIF--
+<?php
+if (array_search('ftp',stream_get_wrappers()) === FALSE) die("skip ftp wrapper not available.");
+if (!function_exists('pcntl_fork')) die("skip pcntl_fork() not available.");
+?>
+--FILE--
+<?php
+
+require __DIR__ . "/../../../ftp/tests/server.inc";
+
+$path="ftp://localhost:" . $port."/";
+
+$ds=opendir($path);
+var_dump($ds);
+
+while ($fn=readdir($ds)) {
+      var_dump($fn);
+}
+
+closedir($ds);
+?>
+==DONE== 
+--EXPECTF--
+resource(%d) of type (stream)
+string(5) "file1"
+string(5) "file1"
+string(3) "fil"
+string(4) "b0rk"
+==DONE==
diff --git a/ext/standard/tests/streams/opendir-003.phpt b/ext/standard/tests/streams/opendir-003.phpt
@@ -0,0 +1,26 @@
+--TEST--
+opendir() with 'ftps://' stream. 
+--SKIPIF--
+<?php
+if (array_search('ftp',stream_get_wrappers()) === FALSE) die("skip ftp wrapper not available.");
+if (!function_exists('pcntl_fork')) die("skip pcntl_fork() not available.");
+if (!extension_loaded('openssl')) die ("skip openssl not available.");
+?>
+--FILE--
+<?php
+
+$ssl=true;
+require __DIR__ . "/../../../ftp/tests/server.inc";
+
+$path="ftps://127.0.0.1:" . $port."/bogusdir";
+
+$context = stream_context_create(array('ssl' => array('cafile' =>  __DIR__ . '/../../../ftp/tests/cert.pem')));
+
+var_dump(opendir($path, $context));
+?>
+==DONE== 
+--EXPECTF--
+Warning: opendir(ftps://127.0.0.1:%d/bogusdir): failed to open dir: FTP server reports 250 /bogusdir: No such file or directory
+ in %s on line %d
+bool(false)
+==DONE==
diff --git a/ext/standard/tests/streams/opendir-004.phpt b/ext/standard/tests/streams/opendir-004.phpt
@@ -0,0 +1,32 @@
+--TEST--
+opendir() with 'ftps://' stream. 
+--SKIPIF--
+<?php
+if (array_search('ftp',stream_get_wrappers()) === FALSE) die("skip ftp wrapper not available.");
+if (!function_exists('pcntl_fork')) die("skip pcntl_fork() not available.");
+if (!extension_loaded('openssl')) die ("skip openssl not available.");
+?>
+--FILE--
+<?php
+
+$ssl=true;
+require __DIR__ . "/../../../ftp/tests/server.inc";
+
+$path="ftps://127.0.0.1:" . $port."/";
+
+$context = stream_context_create(array('ssl' => array('cafile' =>  __DIR__ . '/../../../ftp/tests/cert.pem')));
+
+$ds=opendir($path, $context);
+var_dump($ds);
+while ($fn=readdir($ds)) {
+      var_dump($fn);
+}
+?>
+==DONE== 
+--EXPECTF--
+resource(%d) of type (stream)
+string(5) "file1"
+string(5) "file1"
+string(3) "fil"
+string(4) "b0rk"
+==DONE==
