git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.7] bpo-43285 Make ftplib not trust the PASV response. (GH-24838) (GH-24881) (GH-24883)

The IPv4 address value returned from the server in response to the PASV command
should not be trusted. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the client network.

Instead of using the returned address, we use the IP address we're
already connected to. This is the strategy other ftp clients adopted,
and matches the only strategy available for the modern IPv6 EPSV command
where the server response must return a port number and nothing else.

For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address`
attribute on your `ftplib.FTP` instance to True..
(cherry picked from commit 0ab152c6b5d95caa2dc1a30fa96e10258b5f188e)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit 664d1d16274b47eea6ec92572e1ebf3939a6fa0c)

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 16 Mar 2021 21:19:55 +0000 (14:19 -0700)
committer	GitHub <noreply@github.com>
	Tue, 16 Mar 2021 21:19:55 +0000 (17:19 -0400)
commit	79373951b3eab585d42e0f0ab83718cbe1d0ee33
tree	5b8594da3ada5b77d2cabb336c87e434e3b809a6	tree \| snapshot
parent	a99860e4022c386df6e51fcc7741b0aeba25d687	commit \| diff

Doc/whatsnew/3.7.rst		diff \| blob \| blame \| history
Lib/ftplib.py		diff \| blob \| blame \| history
Lib/test/test_ftplib.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst	[new file with mode: 0644]	blob