[packages/wget.git] / wget-filename.patch

diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
--- wget-1.8.2/src/fnmatch.c	Sat May 18 05:05:15 2002
+++ wget-1.8.2_save/src/fnmatch.c	Fri Oct  4 14:53:40 2002
@@ -198,6 +198,17 @@
   return (FNM_NOMATCH);
 }
 
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+	if (*s == '/')
+		return 1;
+	if (strstr(s, "../") != 0)
+		return 1;
+	return 0;
+}
+
 /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
    `]').  */
 int
diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
--- wget-1.8.2/src/ftp.c	Sat May 18 05:05:16 2002
+++ wget-1.8.2_save/src/ftp.c	Fri Oct  4 15:07:22 2002
@@ -1551,6 +1551,8 @@
 {
   struct fileinfo *orig, *start;
   uerr_t res;
+  struct fileinfo *f;
+
 
   con->cmd |= LEAVE_PENDING;
 
@@ -1562,8 +1564,7 @@
      opt.accepts and opt.rejects.  */
   if (opt.accepts || opt.rejects)
     {
-      struct fileinfo *f = orig;
-
+	f = orig;
       while (f)
 	{
 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@ -1575,6 +1576,18 @@
 	    f = f->next;
 	}
     }
+  /* Remove all files with possible harmful names */
+  f = orig;
+  while (f)
+  {
+     if (has_invalid_name(f->name))
+     {
+	  logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+	  f = delelement (f, &start);
+     }
+     else
+	  f = f->next;
+  }
   /* Now weed out the files that do not match our globbing pattern.
      If we are dealing with a globbing pattern, that is.  */
   if (*u->file && (action == GLOBALL || action == GETONE))
Commit	Line	Data
c13f2f65 JB	1	diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
	2	--- wget-1.8.2/src/fnmatch.c Sat May 18 05:05:15 2002
	3	+++ wget-1.8.2_save/src/fnmatch.c Fri Oct 4 14:53:40 2002
	4	@@ -198,6 +198,17 @@
	5	return (FNM_NOMATCH);
	6	}
	7
	8	+/* Return non-zero if S has a leading '/' or contains '../' */
	9	+int
	10	+has_invalid_name (const char *s)
	11	+{
	12	+ if (*s == '/')
	13	+ return 1;
	14	+ if (strstr(s, "../") != 0)
	15	+ return 1;
	16	+ return 0;
	17	+}
	18	+
	19	/* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
	20	`]'). */
	21	int
	22	diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
	23	--- wget-1.8.2/src/ftp.c Sat May 18 05:05:16 2002
	24	+++ wget-1.8.2_save/src/ftp.c Fri Oct 4 15:07:22 2002
	25	@@ -1551,6 +1551,8 @@
	26	{
	27	struct fileinfo orig, start;
	28	uerr_t res;
	29	+ struct fileinfo *f;
	30	+
	31
	32	con->cmd \|= LEAVE_PENDING;
	33
	34	@@ -1562,8 +1564,7 @@
	35	opt.accepts and opt.rejects. */
	36	if (opt.accepts \|\| opt.rejects)
	37	{
	38	- struct fileinfo *f = orig;
	39	-
	40	+ f = orig;
	41	while (f)
	42	{
	43	if (f->type != FT_DIRECTORY && !acceptable (f->name))
	44	@@ -1575,6 +1576,18 @@
	45	f = f->next;
	46	}
	47	}
	48	+ /* Remove all files with possible harmful names */
	49	+ f = orig;
	50	+ while (f)
	51	+ {
	52	+ if (has_invalid_name(f->name))
	53	+ {
	54	+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
	55	+ f = delelement (f, &start);
	56	+ }
	57	+ else
	58	+ f = f->next;
	59	+ }
	60	/* Now weed out the files that do not match our globbing pattern.
	61	If we are dealing with a globbing pattern, that is. */
	62	if (*u->file && (action == GLOBALL \|\| action == GETONE))