Re: [Tails-dev] [Bug-wget] Wget Sending Original IP !!

Delete this message

Reply to this message
Autore: Austin English
Data:  
To: The Tails public development discussion list
CC: pretty-in-pink
Oggetto: Re: [Tails-dev] [Bug-wget] Wget Sending Original IP !!
On Tue, Aug 18, 2015 at 5:03 AM, intrigeri <intrigeri@???> wrote:
> pretty-in-pink@??? wrote (13 Aug 2015 16:02:50 GMT) :
>> Can you please follow this thread and update Wget for the next version of Tails?
>
>> Topic: [Bug-wget] FTP PORT command code in v1.16.3?
>
>> https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
>
>> I haven't performed any sniffing attempts on my network, but apparently others have on theirs.
>
> I've had a look, and indeed it seems that in the context of Tails this
> could mean leaking the network adapter's IP address (i.e. most of the
> case a RFC-1918 one, but let's not count on that) in packets at the
> application layer.
>
> Could you please check:
>
> 1. if this is worth a CVE ID
> 2. if the proposed patchset applies on top of Debian Wheezy's wget


The patch has been applied upstream:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099

it does not apply cleanly to 1.16.3, conflicting on tests. The source
changes, however, apply without conflict, I've attached that diff.

--
-Austin
commit 075d7556964f5a871a73c22ac4b69f5361295099
Author: Tim Rühsen <tim.ruehsen@???>
Date: Tue Aug 11 16:48:08 2015 +0200

    Fix IP address exposure in FTP code


    * src/ftp.c (getftp): Do not use PORT when PASV fails.
    * tests/FTPServer.px: Add pasv_not_supported server flag.
    * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px
    * tests/Test-ftp-pasv-not-supported.px: New test


    Fix IP address exposure when automatically falling back from
    passive mode to active mode (using the PORT command). A behavior that
    may be used to expose a client's privacy even when using a proxy.


diff --git a/src/ftp.c b/src/ftp.c
index 68f1a33..9dab99c 100644
--- a/src/ftp.c
+++ b/src/ftp.c
@@ -252,7 +252,6 @@ getftp (struct url *u, wgint passed_expected_bytes, wgint *qtyread,
   char *respline, *tms;
   const char *user, *passwd, *tmrate;
   int cmd = con->cmd;
-  bool pasv_mode_open = false;
   wgint expected_bytes = 0;
   bool got_expected_bytes = false;
   bool rest_failed = false;
@@ -883,13 +882,19 @@ Error in server response, closing control connection.\n"));
                           ? CONERROR : CONIMPOSSIBLE);
                 }


-              pasv_mode_open = true;  /* Flag to avoid accept port */
               if (!opt.server_response)
                 logputs (LOG_VERBOSE, _("done.    "));
-            } /* err==FTP_OK */
-        }
+            }
+          else
+            return err;


-      if (!pasv_mode_open)   /* Try to use a port command if PASV failed */
+          /*
+           * We do not want to fall back from PASSIVE mode to ACTIVE mode !
+           * The reason is the PORT command exposes the client's real IP address
+           * to the server. Bad for someone who relies on privacy via a ftp proxy.
+           */
+        }
+      else
         {
           err = ftp_do_port (csock, &local_sock);
           /* FTPRERR, WRITEFAILED, bindport (FTPSYSERR), HOSTERR,
@@ -1148,8 +1153,8 @@ Error in server response, closing control connection.\n"));
     }


   /* If no transmission was required, then everything is OK.  */
-  if (!pasv_mode_open)  /* we are not using pasive mode so we need
-                              to accept */
+  if (!opt.ftp_pasv)  /* we are not using passive mode so we need
+                         to accept */
     {
       /* Wait for the server to connect to the address we're waiting
          at.  */