Oberon ||
Library ||
Module Index ||
Search Engine ||
Definition ||
Module
Ulm's Oberon Library:
FTPRequests
NAME
FTPRequests - scan FTP requests from input
SYNOPSIS
TYPE Request = POINTER TO RequestRec;
TYPE RequestRec =
RECORD
(PersistentDisciplines.ObjectRec)
command: ConstStrings.String; (* in upper-case *)
param: Streams.Stream; (* rest of the line, may be NIL *)
END;
TYPE Event = POINTER TO EventRec;
TYPE EventRec =
RECORD
(Events.EventRec)
request: Request;
END;
PROCEDURE GetRequest(s: Streams.Stream; VAR request: Request) : BOOLEAN;
DESCRIPTION
FTPRequests
provides in Request a persistent type for incoming FTP requests,
a scanner for FTP requests on bidirectional communication channels,
and an event type that may be used for logging (see FTPLoggers).
GetRequest
reads from s a request, consisting of
- a command name that contains
neither spaces nor line terminators
(lower-case characters are converted to upper-case),
- an optional parameter, separated by one space character
from the command name, and
- a line terminator consisting of ASCII.cr, ASCII.lf.
As ASCII.lf cannot be embedded in a parameter, a single
ASCII.lf without preceding ASCII.cr is accepted
as well.
GetRequest
processes telnet codes in conformance to RFC 959 and
sends responses to these embedded requests to s under
the assumption that s is a bidirectional network connection.
SECURITY CONSIDERATIONS
GetRequest
accepts requests of arbitrary length and stores them into
persistent objects. This opens FTP services using
GetRequest
to denial-of-service attacks by flooding them with
unterminated requests which cause arbitrary amounts
of memory to be consumed until all available resources
are exhausted.
A counter measure could be the application of general
resource limits using SysResources and/or of
time limits using FTPTimers and FTPTimerEvents.
DIAGNOSTICS
GetRequest
returns TRUE on success and FALSE in case
of failures but does not generate any error events on
its own. Please check s.eof as an unexpected
end on the input side can be the cause of a failure.
SEE ALSO
- FTPCommands
-
collection of FTP command strings.
- FTPResponses
-
sibling of this module that offers a persistent type for FTP responses
and an operation that allows to send them over network connections.
Edited by: borchert, last change: 2001/04/23, revision: 1.2, converted to HTML: 2001/04/23
Oberon ||
Library ||
Module Index ||
Search Engine ||
Definition ||
Module