You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. Set up a ftp server with the FTPHandler.permit_foreign_address attribute
set to False (default).
2. Connect with a client and send a PASV or EPSV command.
3. Use another client having a different address to establish the
connection with the passive listening socket (site-to-site transfer).
What is the expected output?
What do you see instead?
The FTP site-to-site transfer feature, also referenced as "FXP", permits
for transferring a file between two remote FTP servers without the transfer
going through the client's host.
When the FTPHandler.permit_foreign_address attribute is set to False a data
connection from a remote IP address which does not match the client's IP
address will be dropped and the listening socket will remain open.
When such an event occurs the timer used to close the listening socket in
case the connection will not occur within 30 seconds gets stopped.
This shouldn't happen and may also represent a security issue in case a
malicious host tries to open a lot of listening data sockets by repeating
steps 2 and 3 described above.
From billiej...@gmail.com on October 01, 2008 16:07:21
Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=78
The text was updated successfully, but these errors were encountered: