Merge pull request #15 from mailsvb/fixPasvPorts

mailsvb · web-flow · commit 2b2f103fdac9 · 2022-03-17T22:13:46.000+01:00
add timeout to data sockets
diff --git a/lib/jsftpd.js b/lib/jsftpd.js
@@ -959,6 +959,11 @@ class ftpd {
             if (isSecure === true && protection === true) {
                 dataChannel = tls.Server(main._opt.tls)
                 dataChannel.on('secureConnection', (pasvSocket) => {
+                    pasvSocket.on('error', main.ErrorHandler)
+                    pasvSocket.setTimeout(5000)
+                    pasvSocket.on('timeout', () => {
+                        pasvSocket.destroy()
+                    })
                     main.DebugHandler(`${connectionInfo} data connection established`)
                     dataObj.dataSocket = pasvSocket
                     if (dataObj.method) {
@@ -968,6 +973,12 @@ class ftpd {
             } else {
                 dataChannel = net.Server()
                 dataChannel.on('connection', (pasvSocket) => {
+                    pasvSocket.on('error', main.ErrorHandler)
+                    pasvSocket.setTimeout(5000)
+                    pasvSocket.on('timeout', () => {
+                        pasvSocket.destroy()
+                    })
+                    pasvSocket.on('close', () => main.DebugHandler(`${connectionInfo} data connection has been closed`))
                     if (isSecure === true && protection === true) {
                         pasvSocket = new tls.TLSSocket(pasvSocket, { isServer: true, secureContext: tls.createSecureContext(main._opt.tls) })
                         pasvSocket.on('secure', () => {
@@ -1004,11 +1015,16 @@ class ftpd {
                                 dataObj.dataSocket = activeSocket
                                 dataObj.method(dataObj)
                             })
+                            activeSocket.on('error', main.ErrorHandler)
                         } else {
                             obj.dataSocket = client
                             obj.method(obj)
                         }
                     })
+                    client.setTimeout(5000)
+                    client.on('timeout', () => {
+                        client.destroy()
+                    })
                     client.on('error', main.ErrorHandler)
                 } else {
                     obj.method(obj)
diff --git a/test/LIST.test.js b/test/LIST.test.js
@@ -35,7 +35,7 @@ test('test LIST message', async () => {
 
     let promiseSocket = new PromiseSocket(new net.Socket())
     let socket = promiseSocket.stream
-    await socket.connect(cmdPortTCP, 'localhost')
+    await socket.connect(cmdPortTCP, '127.0.0.1', 'localhost')
     content = await promiseSocket.read()
     expect(content.toString().trim()).toBe('220 Welcome')
 
diff --git a/test/PASV.test.js b/test/PASV.test.js
@@ -40,7 +40,7 @@ test('test PASV message takes next free port', async () => {
 
     let promiseSocket = new PromiseSocket(new net.Socket())
     let socket = promiseSocket.stream
-    await socket.connect(cmdPortTCP, 'localhost')
+    await socket.connect(cmdPortTCP, '127.0.0.1', 'localhost')
     content = await promiseSocket.read()
     expect(content.toString().trim()).toBe('220 Welcome')
 
diff --git a/test/STOR.test.js b/test/STOR.test.js
@@ -4,7 +4,7 @@ const tls = require('tls')
 const {PromiseSocket, TimeoutError} = require('promise-socket')
 const { sleep, getCmdPortTCP, getDataPort } = require('./utils')
 
-jest.setTimeout(5000)
+jest.setTimeout(7500)
 let server, content, dataContent = null
 const cmdPortTCP = getCmdPortTCP()
 const dataPort = getDataPort()
@@ -128,6 +128,44 @@ test('test STOR message', async () => {
     await promiseSocket.end()
 })
 
+test('test STOR message failes due to socket timeout', async () => {
+    const users = [
+        {
+            username: 'john',
+            allowLoginWithoutPassword: true,
+        }
+    ]
+    server = new ftpd({cnf: {port: 50021, user: users, minDataPort: dataPort}})
+    expect(server).toBeInstanceOf(ftpd)
+    server.start()
+
+    let promiseSocket = new PromiseSocket(new net.Socket())
+    let socket = promiseSocket.stream
+    await socket.connect(50021, 'localhost')
+    content = await promiseSocket.read()
+    expect(content.toString().trim()).toBe('220 Welcome')
+
+    await promiseSocket.write('USER john')
+    content = await promiseSocket.read()
+    expect(content.toString().trim()).toBe('232 User logged in')
+
+    await promiseSocket.write('STOR ../../mytestfile')
+    content = await promiseSocket.read()
+    expect(content.toString().trim()).toBe('550 Transfer failed "../../mytestfile"')
+
+    await promiseSocket.write('EPSV')
+    content = await promiseSocket.read()
+    expect(content.toString().trim()).toBe(`229 Entering extended passive mode (|||${dataPort}|)`)
+
+    let promiseDataSocket = new PromiseSocket(new net.Socket())
+    let dataSocket = promiseDataSocket.stream
+    await dataSocket.connect(dataPort, 'localhost')
+
+    await sleep(5500)
+    expect(dataSocket.destroyed).toBe(true)
+
+    await promiseSocket.end()
+})
 
 test('test STOR message with ASCII', async () => {
     const users = [
