mirror of
https://github.com/mirror/wget.git
synced 2025-01-07 19:00:30 +08:00
075d755696
* src/ftp.c (getftp): Do not use PORT when PASV fails. * tests/FTPServer.px: Add pasv_not_supported server flag. * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: New test Fix IP address exposure when automatically falling back from passive mode to active mode (using the PORT command). A behavior that may be used to expose a client's privacy even when using a proxy.
61 lines
1.7 KiB
Perl
Executable File
61 lines
1.7 KiB
Perl
Executable File
#!/usr/bin/env perl
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use FTPTest;
|
|
|
|
# This test checks whether Wget *does not* fall back from passive mode to
|
|
# active mode using a PORT command. Wget <= 1.16.3 made a fallback exposing
|
|
# the client's real IP address to the remote FTP server.
|
|
#
|
|
# This behavior circumvents expected privacy when using a proxy / proxy network (e.g. Tor).
|
|
#
|
|
# Wget >= 1.16.4 does it right. This test checks it.
|
|
|
|
###############################################################################
|
|
|
|
# From bug report 10.08.2015 from tomtidaly@sigaint.org
|
|
my $afile = <<EOF;
|
|
FTP PORT command code in v1.16.3?
|
|
|
|
In the past it could be possible for a site over http connection to
|
|
redirect wget to FPT using FTP PORT command so the site gets the real IP
|
|
of the computer even when wget proxy command is in use I believe:
|
|
https://lists.torproject.org/pipermail/tor-talk/2012-April/024040.html
|
|
|
|
Is that code still present in wget v1.16.3? It was present in v1.13.4.
|
|
EOF
|
|
|
|
$afile =~ s/\n/\r\n/g;
|
|
|
|
|
|
# code, msg, headers, content
|
|
my %urls = (
|
|
'/afile.txt' => {
|
|
content => $afile,
|
|
},
|
|
);
|
|
|
|
my $cmdline = $WgetTest::WGETPATH . " -S ftp://localhost:{{port}}/afile.txt";
|
|
|
|
my $expected_error_code = 8;
|
|
|
|
my %expected_downloaded_files = (
|
|
'afile.txt' => {
|
|
content => $afile,
|
|
},
|
|
);
|
|
|
|
###############################################################################
|
|
|
|
my $the_test = FTPTest->new (
|
|
server_behavior => {pasv_not_supported => 1},
|
|
input => \%urls,
|
|
cmdline => $cmdline,
|
|
errcode => $expected_error_code,
|
|
output => \%expected_downloaded_files);
|
|
exit !$the_test->run();
|
|
|
|
# vim: et ts=4 sw=4
|