Skip to content

bpo-43285 Make ftplib not trust the PASV response. #24838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gpshead merged 2 commits into from
Mar 15, 2021
Merged

bpo-43285 Make ftplib not trust the PASV response. #24838

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4b397c1
bpo-43285 Make ftplib not trust the PASV response.
gpshead Mar 13, 2021
6003e2f
Rename the legacy behavior attribute and mention it in NEWS.
gpshead Mar 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Rename the legacy behavior attribute and mention it in NEWS. 
`trust_server_pasv_ipv4_address`
  • Loading branch information
@gpshead
gpshead committed Mar 13, 2021
commit 6003e2f6672696e415bc5023ce7a47a4b03488bd
4 changes: 2 additions & 2 deletions Lib/ftplib.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ class FTP:
welcome = None
passiveserver = True
# Disables https://bugs.python.org/issue43285 security if set to True.
use_untrusted_server_pasv_ipv4_addr = False
trust_server_pasv_ipv4_address = False

def __init__(self, host='', user='', passwd='', acct='',
timeout=_GLOBAL_DEFAULT_TIMEOUT, source_address=None, *,
Expand Down Expand Up @@ -325,7 +325,7 @@ def makepasv(self):
"""Internal: Does the PASV or EPSV handshake -> (address, port)"""
if self.af == socket.AF_INET:
untrusted_host, port = parse227(self.sendcmd('PASV'))
if self.use_untrusted_server_pasv_ipv4_addr:
if self.trust_server_pasv_ipv4_address:
host = untrusted_host
else:
host = self.sock.getpeername()[0]
Expand Down
4 changes: 2 additions & 2 deletions Lib/test/test_ftplib.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@ def test_makepasv(self):

def test_makepasv_issue43285_security_disabled(self):
"""Test the opt-in to the old vulnerable behavior."""
self.client.use_untrusted_server_pasv_ipv4_addr = True
self.client.trust_server_pasv_ipv4_address = True
bad_host, port = self.client.makepasv()
self.assertEqual(
bad_host, self.server.handler_instance.fake_pasv_server_ip)
Expand All @@ -724,7 +724,7 @@ def test_makepasv_issue43285_security_disabled(self):
timeout=TIMEOUT).close()

def test_makepasv_issue43285_security_enabled_default(self):
self.assertFalse(self.client.use_untrusted_server_pasv_ipv4_addr)
self.assertFalse(self.client.trust_server_pasv_ipv4_address)
trusted_host, port = self.client.makepasv()
self.assertNotEqual(
trusted_host, self.server.handler_instance.fake_pasv_server_ip)
Expand Down
4 changes: 4 additions & 0 deletions Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,7 @@
in response to the PASV command by default. This prevents a malicious FTP
server from using the response to probe IPv4 address and port combinations
on the client network.

Code that requires the former vulnerable behavior may set a
``trust_server_pasv_ipv4_address`` attribute on their
:class:`ftplib.FTP` instances to ``True`` to re-enable it.