Tim Ruehsen <[email protected]> writes: > From d8d545994be399705c483ea924e71c3e6348d99d Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Tim=20R=C3=BChsen?= <[email protected]> > Date: Tue, 11 Aug 2015 16:48:08 +0200 > Subject: [PATCH] Fix IP address exposure in FTP code > > * src/ftp.c (getftp): Do not use PORT when PASV fails. > * tests/FTPServer.px: Add pasv_not_supported server flag. > * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px > * tests/Test-ftp-pasv-not-supported.px: New test > > Fix IP address exposure when automatically falling back from > passive mode to active mode (using the PORT command). A behavior that > may be used to expose a client's privacy even when using a proxy. > --- > src/ftp.c | 19 +++++++----- > tests/FTPServer.pm | 8 +++++ > tests/Makefile.am | 3 +- > tests/Test-ftp-pasv-not-supported.px | 57 > ++++++++++++++++++++++++++++++++++++ > 4 files changed, 79 insertions(+), 8 deletions(-) > create mode 100755 tests/Test-ftp-pasv-not-supported.px > > diff --git a/src/ftp.c b/src/ftp.c > index 68f1a33..9dab99c 100644 > --- a/src/ftp.c > +++ b/src/ftp.c > @@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint > *qtyread, > char *respline, *tms; > const char *user, *passwd, *tmrate; > int cmd = con->cmd; > - bool pasv_mode_open = false; > wgint expected_bytes = 0; > bool got_expected_bytes = false; > bool rest_failed = false; > @@ -883,13 +882,19 @@ Error in server response, closing control > connection.\n")); > ? CONERROR : CONIMPOSSIBLE); > } > > - pasv_mode_open = true; /* Flag to avoid accept port */ > if (!opt.server_response) > logputs (LOG_VERBOSE, _("done. ")); > - } /* err==FTP_OK */ > - } > + } > + else > + return err; > > - if (!pasv_mode_open) /* Try to use a port command if PASV failed */ > + /* > + * We do not want to fall back from PASSIVE mode to ACTIVE mode ! > + * The reason is the PORT command exposes the client's real IP > address > + * to the server. Bad for someone who relies on privacy via a ftp > proxy. > + */ > + } > + else > { > err = ftp_do_port (csock, &local_sock); > /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR, > @@ -1148,8 +1153,8 @@ Error in server response, closing control > connection.\n")); > } > > /* If no transmission was required, then everything is OK. */ > - if (!pasv_mode_open) /* we are not using pasive mode so we need > - to accept */ > + if (!opt.ftp_pasv) /* we are not using passive mode so we need > + to accept */ > { > /* Wait for the server to connect to the address we're waiting > at. */
ACK from me. Could you please also update NEWS? It looks like some important change we want to inform people about :) Regards, Giuseppe
