cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Error when download file from server which have configured load balancing

From: Richard Atterer <richard_at_2008.atterer.net>
Date: Mon, 18 Aug 2008 14:27:15 +0200

Hi,

I remember I once touched that code via one of my patches
<http://curl.haxx.se/mail/lib-2004-12/0061.html>, though IIRC it was only
the code path where the server does not send back an IP address.

On Mon, Aug 18, 2008 at 05:23:10PM +0800, ianguo_at_linpus.com wrote:
> When we use http, the above codes works fine. But when use ftp,
> libcurl fails. libcurl send request to server A:21, then A dispatch
> B:1234 to response, but libcurl still try to connect server A:1234. It
> will certainly fail, because the port 1234 of server A is forbidden to
> access.

Is this type of setup supported by FTP clients these days? A malicious
server A can use it to have FTP clients from all over the world scan
for arbitrary open ports on any IP, so I'd expect mainstream browsers to
disable (or severely limit) this part of the protocol.

Cheers,

  Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  GnuPG key: 888354F7
  | \/|  http://atterer.net  |  08A9 7B7D 3D13 3EF2 3D25  D157 79E6 F6DC 8883 54F7
   '` 
Received on 2008-08-18