php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30439 ftp_get() file corruption
Submitted: 2004-10-15 01:46 UTC Modified: 2005-02-11 01:00 UTC
Votes:5
Avg. Score:4.8 ± 0.4
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:1 (33.3%)
From: dmp-php at dplhenterprises dot com Assigned:
Status: No Feedback Package: FTP related
PHP Version: 4.3.9 OS: Windows 2000
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-10-15 01:46 UTC] dmp-php at dplhenterprises dot com
Description:
------------
When using ftp_get() or ftp_fget() in FTP_ASCII mode and fetching from an OpenVMS server runing the UCX FTP server (version appears irrelevant), extra characters are added to the end of the file.
It appears to be the end of the last complete buffer when the final read doesn't completely fill the buffer at end of file. 
This does not happen with an IIS FTP server. I have been unable to test with a *nix server.
I've tried fetching the file with both WS_FTP and the standard Windows FTP client and neither of them produced corrupt files.

Reproduce code:
---------------
<?php
  $wipfil = 'd:/bcs_mps/_wip/ftpbug.txt';
  $srcfil = 'work$:[mps.r]006.mps';

  $f = ftp_connect( 'bcsaxp.bcs.com' );
  if( !$f )
    die( "Unable to connect to bcsaxp.bcs.com. " 
         . $php_errormsg );

  if( !ftp_login( $f, 'myusername', 'mypass' ))
  {
    $this->close();
    die( "Unable to log in to bcsaxp.bcs.com as " 
         . "myusername " . $php_errormsg );
  }

  if( !ftp_get( $f, $wipfil, $srcfil, FTP_ASCII )) 
    die( "Unable to GET file {$srcfil} " . $php_errormsg );
	
  ftp_close( $f );
?>


Expected result:
----------------
<!-- Test MPS request file -->
<bcs_mps_email>
  <message>
    <to address="dmp-mps@daveandlaura.org" name="Dave testing throug daveandlaura" />
    <from address="dmp-mpsfrom@dplhenterprises.com" name="MPS Test script" />
    <subject>Another test message for MPS</subject>
    <body type="text">
This is the plain text version of this message.
It contains a tabbed table.
Column 1	Column 2
L1-C1	L1-C2
L2-C1	L2-C2      
    </body>
    <body type="html">
      <![CDATA[
	<h3 style="text-align: center; color: blue;">This is the HTML version of this message</h3>
	It contains an HTML table.
	<table border=1>
	  <tr><th>Column 1</th><th>Column 2</th></tr>
	  <tr><td>L1-C1</td><td>L1-C2</td></tr>
	  <tr><td>L2-C1</td><td>L2-C2</td></tr>
	</table>
      ]]>
    </body>
    <attachment file="sys$login:login.com" type="text/plain" name="Login.Dcl" />
  </message>
<bcs_mps_email>


Actual result:
--------------
<!-- Test MPS request file -->
<bcs_mps_email>
  <message>
    <to address="dmp-mps@daveandlaura.org" name="Dave testing throug daveandlaura" />
    <from address="dmp-mpsfrom@dplhenterprises.com" name="MPS Test script" />
    <subject>Another test message for MPS</subject>
    <body type="text">
This is the plain text version of this message.
It contains a tabbed table.
Column 1	Column 2
L1-C1	L1-C2
L2-C1	L2-C2      
    </body>
    <body type="html">
      <![CDATA[
	<h3 style="text-align: center; color: blue;">This is the HTML version of this message</h3>
	It contains an HTML table.
	<table border=1>
	  <tr><th>Column 1</th><th>Column 2</th></tr>
	  <tr><td>L1-C1</td><td>L1-C2</td></tr>
	  <tr><td>L2-C1</td><td>L2-C2</td></tr>
	</table>
      ]]>
    </body>
    <attachment file="sys$login:login.com" type="text/plain" name="Login.Dcl" />
  </message>
<bcs_mps_email>
n 2
L1-C1	L1-C2
L2-C1	L2-C2      
    </body>
    <body type="html">
      <![CDATA[


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-27 16:58 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.


 [2004-11-29 12:15 UTC] mailbox2 at ibelgique dot com
Hi,

Here is a test script. When fixing this bug, please also look at bug 27633 which may be related.

Thanks!

David


<?php

// Test script for PHP bugs 27633 and 30439

	$ftpserver  = "ftp.belnet.be";
	$username   = "anonymous";
	$password   = "test@test.com";
	$localfile  = dirname(__FILE__) . "/test-ftp-output.txt"; // Chmod 777 if necessary
	$remotefile = "/mirror/ftp.php.net/index.php";
	$ftpmode    = FTP_ASCII; // without quotes

	echo "<html>--- Script start ---<br />\n";

	$conn_id = ftp_connect($ftpserver);
	if ($conn_id == false) { echo "Could not connect to FTP server $ftpserver.<br />\n"; exit(); }

	$result_login = ftp_login($conn_id, $username, $password);	
	if ($result_login == false) { echo "Could not login to FTP server $ftpserver.<br />\n"; exit(); }

	$result_get = ftp_get($conn_id, $localfile, $remotefile, $ftpmode);
	if ($result_get == false) { echo "Could not get the remote file $remotefile to the local file $localfile.<br />\n"; exit(); }
	
	ftp_close($conn_id);

	echo "--- Script end ---<br /></html>\n";
?>
 [2004-12-10 18:21 UTC] a dot j dot baas at students dot uu dot nl
I have tested this also, but on a linux machine, i think working with proftpd.
For me, i stumbled uppon this issue when downloading small files with a huge amount of linebrakes.
the issue should be rated high, because i get what looks like a dump of the php memory, including some source code of other sites that run on the server. I could easily exploit this to retreive database passwords etc.
it also causes the script that does the downloading to crash without outputting anything to the browser. If you need additional testcases(i still have the txt file that causes the crash) please let me know.
 [2004-12-12 05:48 UTC] sirbinam at hotmail dot com
I submitted a patch to the internals list in response to bug# 27633, that *may* fix this problem. I found 2 problems, one, *some* servers send a '\r' before every '\n', so if the source file has '\r\n' style line endings the buffer on the client side contains '\r\r\n' and the code didn't handle this. Secondly, I noticed in my testing of the original code that if the data in the buffer ended with a line ending that the pointer would be moved past the end of the data, and write garbage data to the stream, there were a bunch of null characters, and data from other processes. This would only apply to win32 systems doing transfers in ascii mode.
 [2004-12-17 16:32 UTC] ajbaas at cs dot uu dot nl
For me, this problem was resolved with php 4.3.10.
Can someone else confirm?
 [2005-02-11 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-07-02 10:22 UTC] 1235st at mailinator dot com
http://g1.com
spam test
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Apr 05 19:01:30 2020 UTC