mirror of
https://github.com/mirror/wget.git
synced 2024-12-28 05:40:08 +08:00
Fix IP address exposure in FTP code
* src/ftp.c (getftp): Do not use PORT when PASV fails. * tests/FTPServer.px: Add pasv_not_supported server flag. * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: New test Fix IP address exposure when automatically falling back from passive mode to active mode (using the PORT command). A behavior that may be used to expose a client's privacy even when using a proxy.
This commit is contained in:
parent
7578e47d49
commit
075d755696
2
NEWS
2
NEWS
@ -9,6 +9,8 @@ Please send GNU Wget bug reports to <bug-wget@gnu.org>.
|
||||
|
||||
* Changes in Wget X.Y.Z
|
||||
|
||||
** Remove FTP passive to active fallback due to privacy concerns
|
||||
|
||||
** Add support for --if-modified-since
|
||||
|
||||
** Add support for metalink through --input-metalink and --metalink-over-http
|
||||
|
19
src/ftp.c
19
src/ftp.c
@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread,
|
||||
char *respline, *tms;
|
||||
const char *user, *passwd, *tmrate;
|
||||
int cmd = con->cmd;
|
||||
bool pasv_mode_open = false;
|
||||
wgint expected_bytes = 0;
|
||||
bool got_expected_bytes = false;
|
||||
bool rest_failed = false;
|
||||
@ -883,13 +882,19 @@ Error in server response, closing control connection.\n"));
|
||||
? CONERROR : CONIMPOSSIBLE);
|
||||
}
|
||||
|
||||
pasv_mode_open = true; /* Flag to avoid accept port */
|
||||
if (!opt.server_response)
|
||||
logputs (LOG_VERBOSE, _("done. "));
|
||||
} /* err==FTP_OK */
|
||||
}
|
||||
}
|
||||
else
|
||||
return err;
|
||||
|
||||
if (!pasv_mode_open) /* Try to use a port command if PASV failed */
|
||||
/*
|
||||
* We do not want to fall back from PASSIVE mode to ACTIVE mode !
|
||||
* The reason is the PORT command exposes the client's real IP address
|
||||
* to the server. Bad for someone who relies on privacy via a ftp proxy.
|
||||
*/
|
||||
}
|
||||
else
|
||||
{
|
||||
err = ftp_do_port (csock, &local_sock);
|
||||
/* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR,
|
||||
@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n"));
|
||||
}
|
||||
|
||||
/* If no transmission was required, then everything is OK. */
|
||||
if (!pasv_mode_open) /* we are not using pasive mode so we need
|
||||
to accept */
|
||||
if (!opt.ftp_pasv) /* we are not using passive mode so we need
|
||||
to accept */
|
||||
{
|
||||
/* Wait for the server to connect to the address we're waiting
|
||||
at. */
|
||||
|
@ -740,6 +740,14 @@ sub run
|
||||
last;
|
||||
}
|
||||
|
||||
if (defined($self->{_server_behavior}{pasv_not_supported})
|
||||
&& $cmd eq 'PASV')
|
||||
{
|
||||
print {$conn->{socket}}
|
||||
"500 PASV not supported.\r\n";
|
||||
next;
|
||||
}
|
||||
|
||||
# Run the command.
|
||||
&{$command_table->{$cmd}}($conn, $cmd, $rest);
|
||||
}
|
||||
|
@ -127,7 +127,8 @@ PX_TESTS = \
|
||||
Test--start-pos.px \
|
||||
Test--start-pos--continue.px \
|
||||
Test--httpsonly-r.px \
|
||||
Test-204.px
|
||||
Test-204.px \
|
||||
Test-ftp-pasv-not-supported.px
|
||||
|
||||
EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \
|
||||
WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \
|
||||
|
60
tests/Test-ftp-pasv-not-supported.px
Executable file
60
tests/Test-ftp-pasv-not-supported.px
Executable file
@ -0,0 +1,60 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use FTPTest;
|
||||
|
||||
# This test checks whether Wget *does not* fall back from passive mode to
|
||||
# active mode using a PORT command. Wget <= 1.16.3 made a fallback exposing
|
||||
# the client's real IP address to the remote FTP server.
|
||||
#
|
||||
# This behavior circumvents expected privacy when using a proxy / proxy network (e.g. Tor).
|
||||
#
|
||||
# Wget >= 1.16.4 does it right. This test checks it.
|
||||
|
||||
###############################################################################
|
||||
|
||||
# From bug report 10.08.2015 from tomtidaly@sigaint.org
|
||||
my $afile = <<EOF;
|
||||
FTP PORT command code in v1.16.3?
|
||||
|
||||
In the past it could be possible for a site over http connection to
|
||||
redirect wget to FPT using FTP PORT command so the site gets the real IP
|
||||
of the computer even when wget proxy command is in use I believe:
|
||||
https://lists.torproject.org/pipermail/tor-talk/2012-April/024040.html
|
||||
|
||||
Is that code still present in wget v1.16.3? It was present in v1.13.4.
|
||||
EOF
|
||||
|
||||
$afile =~ s/\n/\r\n/g;
|
||||
|
||||
|
||||
# code, msg, headers, content
|
||||
my %urls = (
|
||||
'/afile.txt' => {
|
||||
content => $afile,
|
||||
},
|
||||
);
|
||||
|
||||
my $cmdline = $WgetTest::WGETPATH . " -S ftp://localhost:{{port}}/afile.txt";
|
||||
|
||||
my $expected_error_code = 8;
|
||||
|
||||
my %expected_downloaded_files = (
|
||||
'afile.txt' => {
|
||||
content => $afile,
|
||||
},
|
||||
);
|
||||
|
||||
###############################################################################
|
||||
|
||||
my $the_test = FTPTest->new (
|
||||
server_behavior => {pasv_not_supported => 1},
|
||||
input => \%urls,
|
||||
cmdline => $cmdline,
|
||||
errcode => $expected_error_code,
|
||||
output => \%expected_downloaded_files);
|
||||
exit !$the_test->run();
|
||||
|
||||
# vim: et ts=4 sw=4
|
Loading…
Reference in New Issue
Block a user