Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
ruby2.5.21931
CVE-2021-31810.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-31810.patch of Package ruby2.5.21931
From 4d2754b6275a3592b34f692e7607b1da9b748dd1 Mon Sep 17 00:00:00 2001 From: Ali Abdallah <ali.abdallah@suse.com> Date: Wed, 6 Oct 2021 17:36:07 +0200 Subject: [PATCH 2/3] Backport upstream fix for CVE-2021-31810 Backport upstream commit 3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 [PATCH] Ignore IP addresses in PASV responses by default, and add new option use_pasv_ip This fixes CVE-2021-81810. Reported by Alexandr Savca. Co-authored-by: Shugo Maeda <shugo@ruby-lang.org> --- lib/net/ftp.rb | 15 ++++++++++++++- test/net/ftp/test_ftp.rb | 7 +++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb index 9902f9dc65..338dbbc5a8 100644 --- a/lib/net/ftp.rb +++ b/lib/net/ftp.rb @@ -97,6 +97,10 @@ class FTP < Protocol # When +true+, the connection is in passive mode. Default: +true+. attr_accessor :passive + # When +true+, use the IP address in PASV responses. Otherwise, it uses + # the same IP address for the control connection. Default: +false+. + attr_accessor :use_pasv_ip + # When +true+, all traffic to and from the server is written # to +$stdout+. Default: +false+. attr_accessor :debug_mode @@ -205,6 +209,9 @@ def FTP.open(host, *args) # handshake. # See Net::FTP#ssl_handshake_timeout for # details. Default: +nil+. + # use_pasv_ip:: When +true+, use the IP address in PASV responses. + # Otherwise, it uses the same IP address for the control + # connection. Default: +false+. # debug_mode:: When +true+, all traffic to and from the server is # written to +$stdout+. Default: +false+. # @@ -265,6 +272,7 @@ def initialize(host = nil, user_or_options = {}, passwd = nil, acct = nil) @open_timeout = options[:open_timeout] @ssl_handshake_timeout = options[:ssl_handshake_timeout] @read_timeout = options[:read_timeout] || 60 + @use_pasv_ip = options[:use_pasv_ip] || false if host connect(host, options[:port] || FTP_PORT) if options[:username] @@ -1330,7 +1338,12 @@ def parse227(resp) # :nodoc: raise FTPReplyError, resp end if m = /\((?<host>\d+(,\d+){3}),(?<port>\d+,\d+)\)/.match(resp) - return parse_pasv_ipv4_host(m["host"]), parse_pasv_port(m["port"]) + if @use_pasv_ip + host = parse_pasv_ipv4_host(m["host"]) + else + host = @sock.peeraddr[3] + end + return host, parse_pasv_port(m["port"]) else raise FTPProtoError, resp end diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb index 8e0a688135..7a85488ddb 100644 --- a/test/net/ftp/test_ftp.rb +++ b/test/net/ftp/test_ftp.rb @@ -62,6 +62,7 @@ def test_connect_fail def test_parse227 ftp = Net::FTP.new + ftp.use_pasv_ip = true host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)") assert_equal("192.168.0.1", host) assert_equal(3106, port) @@ -80,6 +81,12 @@ def test_parse227 assert_raise(Net::FTPProtoError) do ftp.send(:parse227, "227 ) foo bar (") end + ftp = Net::FTP.new + sock = OpenStruct.new + sock.peeraddr = [nil, nil, nil, "10.0.0.1"] + ftp.instance_variable_set(:@sock, sock) + host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)") + assert_equal("10.0.0.1", host) end def test_parse228 -- 2.32.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor