cpython/Misc
Miss Islington (bot) 7dcb4baa4f
bpo-43285 Make ftplib not trust the PASV response. (GH-24838)
bpo-43285: Make ftplib not trust the PASV response.

The IPv4 address value returned from the server in response to the PASV command
should not be trusted.  This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the client network.

Instead of using the returned address, we use the IP address we're
already connected to.  This is the strategy other ftp clients adopted,
and matches the only strategy available for the modern IPv6 EPSV command
where the server response must return a port number and nothing else.

For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address`
attribute on your `ftplib.FTP` instance to True.
(cherry picked from commit 0ab152c6b5)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
2021-03-15 12:02:45 -07:00
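The address-selection rule the commit message describes, as an added example that is not code from CPython's `ftplib` or from this commit: it parses a `227` PASV reply and a `229` EPSV reply, and by default takes only the port from the PASV reply while keeping the host of the existing control connection. The function names, the `control_peer_ip` parameter (standing in for what `socket.getpeername()[0]` would report on the control socket) and the sample replies are all constructed for illustration.

```python
import re

# Pattern for the six numbers in "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PASV_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
# Pattern for "229 Entering Extended Passive Mode (|||port|)": a port and nothing else.
_EPSV_RE = re.compile(r"\(\|\|\|(\d+)\|\)")


def parse_pasv_reply(reply):
    """Parse a 227 reply into (advertised_ipv4, port).

    Every field comes from the server, so the address is untrusted input
    that the caller must decide whether to honour."""
    if not reply.startswith("227"):
        raise ValueError(f"unexpected reply to PASV: {reply!r}")
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError(f"malformed PASV reply: {reply!r}")
    fields = [int(x) for x in match.groups()]
    if any(not 0 <= n <= 255 for n in fields):
        raise ValueError(f"PASV field out of range: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return f"{h1}.{h2}.{h3}.{h4}", port


def parse_epsv_reply(reply):
    """Parse a 229 reply into its port; EPSV replies carry no address at all."""
    if not reply.startswith("229"):
        raise ValueError(f"unexpected reply to EPSV: {reply!r}")
    match = _EPSV_RE.search(reply)
    if match is None:
        raise ValueError(f"malformed EPSV reply: {reply!r}")
    port = int(match.group(1))
    if not 1 <= port <= 65535:
        raise ValueError(f"EPSV port out of range: {port}")
    return port


def data_endpoint(reply, control_peer_ip, trust_server_pasv_ipv4_address=False):
    """Choose the (host, port) the data connection should be opened to.

    control_peer_ip is the address the control connection is already open to.
    By default only the port is taken from a PASV reply and the host is the
    control peer, so a hostile server cannot steer the client at arbitrary
    address/port pairs on the client's own network.  Passing
    trust_server_pasv_ipv4_address=True restores the old behaviour of
    honouring the advertised address."""
    if reply.startswith("229"):
        return control_peer_ip, parse_epsv_reply(reply)
    advertised_ip, port = parse_pasv_reply(reply)
    if trust_server_pasv_ipv4_address:
        return advertised_ip, port
    return control_peer_ip, port


# Constructed sample replies (not captured from a real server).  The FTP server
# is reachable at the TEST-NET-3 address 203.0.113.10; the hostile PASV reply
# tries to point the data connection at 10.0.0.5:22 inside the client's LAN.
CONTROL_PEER = "203.0.113.10"
HOSTILE_PASV = "227 Entering Passive Mode (10,0,0,5,0,22)."
HONEST_EPSV = "229 Entering Extended Passive Mode (|||49152|)"


def demo():
    """Return the endpoint chosen under each policy for the sample replies."""
    return {
        "hardened": data_endpoint(HOSTILE_PASV, CONTROL_PEER),
        "legacy": data_endpoint(HOSTILE_PASV, CONTROL_PEER,
                                trust_server_pasv_ipv4_address=True),
        "epsv": data_endpoint(HONEST_EPSV, CONTROL_PEER),
    }


if __name__ == "__main__":
    for policy, (host, port) in demo().items():
        print(f"{policy:>8}: data connection to {host}:{port}")
```

With the default policy the hostile reply still yields a connection to `203.0.113.10:22`, the server the client is already talking to; only the legacy policy lets the server redirect the client to `10.0.0.5:22`. The EPSV path has no such choice to make, which is why the commit message calls it the only strategy available there.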
NEWS.d bpo-43285 Make ftplib not trust the PASV response. (GH-24838) 2021-03-15 12:02:45 -07:00
ACKS bpo-42819, readline: Disable bracketed paste (GH-24108) (GH-24545) 2021-02-16 01:18:07 +01:00
coverity_model.c
gdbinit gdbinit: Use proper define syntax (GH-19557) 2020-04-23 05:49:26 -07:00
HISTORY
indent.pro
Porting
python-config.in bpo-38468 : Refactor python-config (#16749) 2019-10-15 11:18:47 -03:00
python-config.sh.in
python-embed.pc.in
python-wing3.wpr
python-wing4.wpr
python-wing5.wpr
python.man bpo-41525: Make the Python program help ASCII-only (GH-21836) 2020-09-08 17:47:53 -07:00
python.pc.in
README
README.AIX
README.coverity
README.valgrind
requirements-test.txt bpo-40503: PEP 615: Tests and implementation for zoneinfo (GH-19909) 2020-05-16 10:20:06 +02:00
SpecialBuilds.txt bpo-39489: Remove COUNT_ALLOCS special build (GH-18259) 2020-02-03 15:17:15 +01:00
svnmap.txt
valgrind-python.supp bpo-35561: Supress valgrind false alarm on epoll_ctl(event) (GH-18060) 2020-01-19 23:38:37 +01:00
vgrindefs

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere.  Some
documents are only of historic importance.

Files found here
----------------

ACKS                    Acknowledgements
gdbinit                 Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY                 News from previous releases -- oldest last
indent.pro              GNU indent profile approximating my C style
NEWS                    News for this release (for some meaning of "this")
Porting                 Mini-FAQ on porting to new platforms
python-config.in        Python script template for python-config
python.man              UNIX man page for the python interpreter
python.pc.in            Package configuration info template for pkg-config
python-wing*.wpr        Wing IDE project file
README                  The file you're reading now
README.AIX              Information about using Python on AIX
README.coverity         Information about running Coverity's Prevent on Python
README.valgrind         Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt       Describes extra symbols you can set for debug builds
svnmap.txt              Map of old SVN revs and branches to hg changeset ids,
                        to help with history-digging
valgrind-python.supp    Valgrind suppression file, see README.valgrind
vgrindefs               Python configuration for vgrind (a generic pretty printer)