diff --git a/NEWS b/NEWS index 50d91960..d84744ac 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ Please send GNU Wget bug reports to . * Changes in Wget X.Y.Z +** Remove FTP passive to active fallback due to privacy concerns + ** Add support for --if-modified-since ** Add support for metalink through --input-metalink and --metalink-over-http diff --git a/src/ftp.c b/src/ftp.c index 68f1a33c..9dab99c9 100644 --- a/src/ftp.c +++ b/src/ftp.c @@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread, char *respline, *tms; const char *user, *passwd, *tmrate; int cmd = con->cmd; - bool pasv_mode_open = false; wgint expected_bytes = 0; bool got_expected_bytes = false; bool rest_failed = false; @@ -883,13 +882,19 @@ Error in server response, closing control connection.\n")); ? CONERROR : CONIMPOSSIBLE); } - pasv_mode_open = true; /* Flag to avoid accept port */ if (!opt.server_response) logputs (LOG_VERBOSE, _("done. ")); - } /* err==FTP_OK */ - } + } + else + return err; - if (!pasv_mode_open) /* Try to use a port command if PASV failed */ + /* + * We do not want to fall back from PASSIVE mode to ACTIVE mode ! + * The reason is the PORT command exposes the client's real IP address + * to the server. Bad for someone who relies on privacy via a ftp proxy. + */ + } + else { err = ftp_do_port (csock, &local_sock); /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR, @@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n")); } /* If no transmission was required, then everything is OK. */ - if (!pasv_mode_open) /* we are not using pasive mode so we need - to accept */ + if (!opt.ftp_pasv) /* we are not using passive mode so we need + to accept */ { /* Wait for the server to connect to the address we're waiting at. */ diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm index c0a6e47e..a5185d66 100644 --- a/tests/FTPServer.pm +++ b/tests/FTPServer.pm @@ -740,6 +740,14 @@ sub run last; } + if (defined($self->{_server_behavior}{pasv_not_supported}) + && $cmd eq 'PASV') + { + print {$conn->{socket}} + "500 PASV not supported.\r\n"; + next; + } + # Run the command. &{$command_table->{$cmd}}($conn, $cmd, $rest); } diff --git a/tests/Makefile.am b/tests/Makefile.am index 5d387aab..daf162fc 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -127,7 +127,8 @@ PX_TESTS = \ Test--start-pos.px \ Test--start-pos--continue.px \ Test--httpsonly-r.px \ - Test-204.px + Test-204.px \ + Test-ftp-pasv-not-supported.px EXTRA_DIST = FTPServer.pm FTPTest.pm HTTPServer.pm HTTPTest.pm \ WgetTests.pm WgetFeature.pm WgetFeature.cfg $(PX_TESTS) \ diff --git a/tests/Test-ftp-pasv-not-supported.px b/tests/Test-ftp-pasv-not-supported.px new file mode 100755 index 00000000..97d0610d --- /dev/null +++ b/tests/Test-ftp-pasv-not-supported.px @@ -0,0 +1,60 @@ +#!/usr/bin/env perl + +use strict; +use warnings; + +use FTPTest; + +# This test checks whether Wget *does not* fall back from passive mode to +# active mode using a PORT command. Wget <= 1.16.3 made a fallback exposing +# the client's real IP address to the remote FTP server. +# +# This behavior circumvents expected privacy when using a proxy / proxy network (e.g. Tor). +# +# Wget >= 1.16.4 does it right. This test checks it. + +############################################################################### + +# From bug report 10.08.2015 from tomtidaly@sigaint.org +my $afile = < { + content => $afile, + }, +); + +my $cmdline = $WgetTest::WGETPATH . " -S ftp://localhost:{{port}}/afile.txt"; + +my $expected_error_code = 8; + +my %expected_downloaded_files = ( + 'afile.txt' => { + content => $afile, + }, +); + +############################################################################### + +my $the_test = FTPTest->new ( + server_behavior => {pasv_not_supported => 1}, + input => \%urls, + cmdline => $cmdline, + errcode => $expected_error_code, + output => \%expected_downloaded_files); +exit !$the_test->run(); + +# vim: et ts=4 sw=4