File curl-CVE-2020-8284.patch of Package curl.16142

Overview Repositories Revisions Requests Users Attributes Meta

File curl-CVE-2020-8284.patch of Package curl.16142

From 20ceeeeb6df4ad7444d0ac6f080557954e05ec1d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 24 Nov 2020 14:56:57 +0100
Subject: [PATCH] ftp: CURLOPT_FTP_SKIP_PASV_IP by default

The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Index: b/lib/url.c
===================================================================
--- a/lib/url.c	2020-12-10 17:00:59.847417077 +0000
+++ b/lib/url.c	2020-12-10 17:01:24.250374431 +0000
@@ -497,6 +497,7 @@ CURLcode Curl_init_userdefined(struct Us
 
   /* conversion callbacks for non-ASCII hosts */
   set->convfromnetwork = ZERO_NULL;
+  set->ftp_skip_ip = TRUE;    /* skip PASV IP by default */
   set->convtonetwork   = ZERO_NULL;
   set->convfromutf8    = ZERO_NULL;
 
Index: b/src/tool_cfgable.c
===================================================================
--- a/src/tool_cfgable.c	2020-12-10 17:00:59.847417077 +0000
+++ b/src/tool_cfgable.c	2020-12-10 17:01:24.251374553 +0000
@@ -44,6 +44,7 @@ void config_init(struct OperationConfig*
 static void free_config_fields(struct OperationConfig *config)
 {
   struct getout *urlnode;
+  config->ftp_skip_ip = TRUE;
 
   Curl_safefree(config->random_file);
   Curl_safefree(config->egd_file);

Places

File curl-CVE-2020-8284.patch of Package curl.16142

Places