diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-11-24 14:56:57 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-12-07 08:38:05 +0100 |
commit | ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (patch) | |
tree | 1b058703873aa904c9815549903d867542d96cbb /docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 | |
parent | abd846c374c5269809ce11740754bc6f00a0b193 (diff) | |
download | curl-ec9cc725d598ac77de7b6df8afeec292b3c8ad46.tar.gz |
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.
Ten test cases updated to adapt the modified --libcurl output.
Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 index d6217d0d8..fa87ddce7 100644 --- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 +++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port number from the 227-response. This option thus allows libcurl to work around broken server installations -that due to NATs, firewalls or incompetence report the wrong IP address back. +that due to NATs, firewalls or incompetence report the wrong IP address +back. Setting the option also reduces the risk for various sorts of client +abuse by malicious servers. This option has no effect if PORT, EPRT or EPSV is used instead of PASV. .SH DEFAULT -0 +1 since 7.74.0, was 0 before then. .SH PROTOCOLS FTP .SH EXAMPLE |