On Tue, Aug 18, 2015 at 5:03 AM, intrigeri <intrigeri@???> wrote:
> pretty-in-pink@??? wrote (13 Aug 2015 16:02:50 GMT) :
>> Can you please follow this thread and update Wget for the next version of Tails?
>
>> Topic: [Bug-wget] FTP PORT command code in v1.16.3?
>
>> https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
>
>> I haven't performed any sniffing attempts on my network, but apparently others have on theirs.
>
> I've had a look, and indeed it seems that in the context of Tails this
> could mean leaking the network adapter's IP address (i.e. most of the
> cases an RFC-1918 one, but let's not count on that) in packets at the
> application layer.
>
> Could you please check:
>
> 1. if this is worth a CVE ID
> 2. if the proposed patchset applies on top of Debian Wheezy's wget
The patch has been applied upstream:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
It does not apply cleanly to 1.16.3, conflicting on tests. The source
changes, however, apply without conflict; I've attached that diff.
--
-Austin
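To make concrete what the quoted explanation above is describing: the argument of the FTP PORT command is the client's own address and listening port, sent in the clear on the control channel, so a silent PASV-to-PORT fallback hands the server exactly the address a proxy was meant to hide. The script below is an added example written for this page (it is not wget code and not part of the thread); it decodes PORT and EPRT commands from a constructed sample of client-side control-channel lines and flags those that carry an RFC 1918 address, the kind of check a defender could run over a capture or proxy log to confirm whether a client ever switched to active mode.

```python
import ipaddress
import re

# Constructed sample of an FTP control channel (client -> server side only); these
# lines are made up for the example and are not from the wget report or the patch.
SAMPLE_CONTROL_LINES = [
    "USER anonymous",
    "PASS guest@example.org",
    "PASV",
    "PORT 192,168,1,23,4,1",       # RFC 1918 address in the payload
    "PORT 10,0,0,5,200,17",        # RFC 1918 address in the payload
    "PORT 203,0,113,9,0,21",       # non-RFC-1918 (documentation range) address
    "EPRT |1|192.168.1.23|1025|",  # RFC 2428 extended form of the same disclosure
    "RETR file.tar.gz",
    "QUIT",
]

RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# RFC 959: PORT h1,h2,h3,h4,p1,p2 -- four address octets, then port = p1*256 + p2.
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$", re.I)
# RFC 2428: EPRT |<af>|<address>|<port>|   (af 1 = IPv4, 2 = IPv6)
EPRT_RE = re.compile(r"^EPRT\s+\|([12])\|([^|]+)\|(\d{1,5})\|\s*$", re.I)


def is_rfc1918(ip):
    """True if ip lies in one of the three RFC 1918 private ranges (IPv4 only)."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918_NETWORKS)


def parse_port_command(line):
    """Decode a PORT command into (ip, port); None if the line is not a PORT command."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        # Malformed command: octets and port bytes must each fit in 8 bits.
        raise ValueError("PORT field out of range: %r" % line)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def parse_eprt_command(line):
    """Decode an EPRT command into (ip, port); None if the line is not an EPRT command."""
    m = EPRT_RE.match(line.strip())
    if not m:
        return None
    ip = str(ipaddress.ip_address(m.group(2)))  # validate and normalise the address
    return ip, int(m.group(3))


def find_address_disclosures(lines):
    """Return (line, ip, port, rfc1918) for every active-mode command that carries a client address."""
    findings = []
    for line in lines:
        parsed = parse_port_command(line) or parse_eprt_command(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append((line, ip, port, is_rfc1918(ip)))
    return findings


if __name__ == "__main__":
    for line, ip, port, private in find_address_disclosures(SAMPLE_CONTROL_LINES):
        kind = "RFC 1918" if private else "non-RFC-1918"
        print("%-30s -> client address %s port %d (%s)" % (line, ip, port, kind))
```

The RFC 1918 test is written out explicitly rather than using `ipaddress.ip_address(...).is_private`, because Python's `is_private` also covers the documentation ranges (such as 203.0.113.0/24), which would mislabel the third sample line; any PORT or EPRT line at all is the finding that matters, since the address it carries is the one the proxy was supposed to conceal.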
commit 075d7556964f5a871a73c22ac4b69f5361295099
Author: Tim Rühsen <tim.ruehsen@???>
Date: Tue Aug 11 16:48:08 2015 +0200
Fix IP address exposure in FTP code
* src/ftp.c (getftp): Do not use PORT when PASV fails.
* tests/FTPServer.px: Add pasv_not_supported server flag.
* tests/Makefile.am: Add Test-ftp-pasv-not-supported.px
* tests/Test-ftp-pasv-not-supported.px: New test
Fix IP address exposure when automatically falling back from
passive mode to active mode (using the PORT command), a behavior that
may be used to expose a client's privacy even when using a proxy.
diff --git a/src/ftp.c b/src/ftp.c
index 68f1a33..9dab99c 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread,
char *respline, *tms;
const char *user, *passwd, *tmrate;
int cmd = con->cmd;
- bool pasv_mode_open = false;
wgint expected_bytes = 0;
bool got_expected_bytes = false;
bool rest_failed = false;
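Review bot: removing `pasv_mode_open` here leaves two later uses of the flag (the fallback condition `if (!pasv_mode_open)` and the accept condition near the end of getftp) to be handled by the other two hunks; any remaining reference would fail to compile, so the three hunks must land together, which matters for anyone backporting the source changes without the test changes. Since the variable only existed to record that PASV had succeeded, dropping it is the right cleanup once the fallback itself is gone.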
@@ -883,13 +882,19 @@ Error in server response, closing control connection.\n"));
? CONERROR : CONIMPOSSIBLE);
}
- pasv_mode_open = true; /* Flag to avoid accept port */
if (!opt.server_response)
logputs (LOG_VERBOSE, _("done. "));
- } /* err==FTP_OK */
- }
+ }
+ else
+ return err;
- if (!pasv_mode_open) /* Try to use a port command if PASV failed */
+ /*
+ * We do not want to fall back from PASSIVE mode to ACTIVE mode !
+ * The reason is the PORT command exposes the client's real IP address
+ * to the server. Bad for someone who relies on privacy via a ftp proxy.
+ */
+ }
+ else
{
err = ftp_do_port (csock, &local_sock);
/* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR,
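Review bot: the new `else return err;` aborts the transfer as soon as PASV fails, but says nothing to the user about why; the success path right above it logs `done.` via `logputs (LOG_VERBOSE, ...)`, and the hunk header shows the neighbouring error exit also logs `Error in server response, closing control connection.` before returning, so a short logged message here stating that active mode was not attempted for privacy reasons would save users a confusing silent failure. Also confirm that the value of `err` coming straight out of the PASV attempt is one of the codes getftp's callers already handle, since the adjacent path maps its failure to `CONERROR` / `CONIMPOSSIBLE` before returning. Finally, the explanatory comment is placed between the closing brace of the PASV branch and its `else`; that is legal C but easy to misread as belonging to the `else` block, and it would read more naturally directly above the new `else return err;` it justifies.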
@@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n"));
}
/* If no transmission was required, then everything is OK. */
- if (!pasv_mode_open) /* we are not using pasive mode so we need
- to accept */
+ if (!opt.ftp_pasv) /* we are not using passive mode so we need
+ to accept */
{
/* Wait for the server to connect to the address we're waiting
at. */
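Review bot: the accept condition changes from "did PASV actually open a connection" (`pasv_mode_open`) to the user setting `opt.ftp_pasv`; the two only coincide because the previous hunk now returns as soon as PASV fails, so this hunk is not correct without that one. If any other path can reach this point with `opt.ftp_pasv` set but no data connection established, the accept would be skipped and the transfer would proceed without a socket; conversely, if `opt.ftp_pasv` were cleared between the PASV decision and this point, the code would try to accept on an unbound `local_sock`. A one-line comment here pointing at the early return in the PASV branch would keep a future change from reintroducing the mismatch. The `pasive` -> `passive` typo fix in the comment is welcome.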