sessionThread.offset can be wrong on connection issues
Opened this issue · 0 comments
Whether this should be dealt with or not, entering here as reference. Its looking like I need to deal with it a bit for scoped storage but it could be dealt with further probably and for java.io.File that I won't be touching. Its used in multiple classes.
The problem
sessionThread.offset + router/networking stability or other issues that cause read failure can cause client to send a high invalid offset. The file will be at the wrong length such as 0 because of read failure for example (this has been seen during a router stability issue possibly of "Deammsdu Fail") that showed up as the router AP mode kicked the server device.
sessionThread.offset can wrongly steer any classes where its used for steering such as it is with STOR at this time.
Depending on the code, this causes any number of issues including 0 byte files or whatever depending on code changes.
What could maybe be done
The length could be tested against the offset and return an error if not correct.
Steering it after testing for correctness could be fine too.
I feel the rfc suggests this is possible but that depends on server-PI meaning in this context I suppose. It is however, going to drastically affect the smoothness of the server and correctness of files.
-
server-FTP process
"A process or set of processes which perform the function of
file transfer in cooperation with a user-FTP process and,
possibly, another server. The functions consist of a protocol
interpreter (PI) and a data transfer process (DTP)." -
https://www.rfc-editor.org/rfc/rfc3659#page-16
"The server-PI may react to a badly
positioned REST command by issuing an error response to the following
command, not being a restartable data transfer command, or it may
save the restart value and apply it to the next data transfer
command, or it may silently ignore the inappropriate restart attempt."