author: Daniel Stenberg <daniel@haxx.se> 2020-11-24 14:56:57 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-12-07 08:38:05 +0100
commit: ec9cc725d598ac77de7b6df8afeec292b3c8ad46
tree: 1b058703873aa904c9815549903d867542d96cbb /docs
parent: abd846c374c5269809ce11740754bc6f00a0b193
download: curl-ec9cc725d598ac77de7b6df8afeec292b3c8ad46.tar.gz

ftp: CURLOPT_FTP_SKIP_PASV_IP by default

The command line tool also independently sets --ftp-skip-pasv-ip by default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou

Diffstat (limited to 'docs')
-rw-r--r-- docs/cmdline-opts/ftp-skip-pasv-ip.d | 2
-rw-r--r-- docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 | 8
2 files changed, 7 insertions, 3 deletions
diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
index d6fd4589b..bcf4e7e62 100644
--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
+++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
@@ -10,4 +10,6 @@ to curl's PASV command when curl connects the data connection. Instead curl
will re-use the same IP address it already uses for the control
connection.
+Since curl 7.74.0 this option is enabled by default.
+
This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
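Review bot: The added line "Since curl 7.74.0 this option is enabled by default." does not say how to get the previous behaviour back, so a user whose server legitimately hands out a different data address in its PASV reply gets no pointer from this page. Suggest adding that the option can be switched off with its --no- form (--no-ftp-skip-pasv-ip), plus a short clause on why the default changed, matching the "client abuse by malicious servers" wording this commit adds to CURLOPT_FTP_SKIP_PASV_IP.3.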
diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
index d6217d0d8..fa87ddce7 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -35,11 +35,13 @@ address it already uses for the control connection. But it will use the port
number from the 227-response.
This option thus allows libcurl to work around broken server installations
-that due to NATs, firewalls or incompetence report the wrong IP address back.
+that due to NATs, firewalls or incompetence report the wrong IP address
+back. Setting the option also reduces the risk for various sorts of client
+abuse by malicious servers.
This option has no effect if PORT, EPRT or EPSV is used instead of PASV.
.SH DEFAULT
-0
+1 since 7.74.0, was 0 before then.
.SH PROTOCOLS
FTP
.SH EXAMPLE
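Review bot: The added sentence "reduces the risk for various sorts of client abuse by malicious servers" leaves the risk unnamed, although the surrounding text already contains what is needed to state it: the IP address in the 227 response is chosen by the server, so honouring it lets the server decide which host the data connection goes to. Suggest saying that directly and referencing CVE-2020-8284 from the commit message. Under DEFAULT, "1 since 7.74.0, was 0 before then." should also tell applications that depend on the server-supplied address that they now have to set the option to 0 explicitly, and the new security sentence should not obscure the existing caveat that the port number from the 227 response is still used.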