author | sf <sf@FreeBSD.org> | 2002-12-11 23:58:37 +0800 |
---|---|---|
committer | sf <sf@FreeBSD.org> | 2002-12-11 23:58:37 +0800 |
commit | eda4f996a2493a142a370ced5726745e112a9850 (patch) | |
tree | 5677ded809a0e2e54fd5c69361bfd4e1c4dc432b /ftp/wget/files | |
parent | 51d3983f5e2d99f9c449a1df5aebb83c75f0b21d (diff) | |
Fix directory traversal bug in FTP.
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
Patches obtained from: Red Hat Linux
Approved by: portmgr(will)
Diffstat (limited to 'ftp/wget/files')
-rw-r--r-- | ftp/wget/files/patch-src_fnmatch_c | 21 | ||||
-rw-r--r-- | ftp/wget/files/patch-src_ftp_c | 40 |
2 files changed, 61 insertions, 0 deletions
diff --git a/ftp/wget/files/patch-src_fnmatch_c b/ftp/wget/files/patch-src_fnmatch_c
new file mode 100644
index 000000000000..5da55bc4f562
--- /dev/null
+++ b/ftp/wget/files/patch-src_fnmatch_c
@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig Tue Dec 10 13:06:09 2002
++++ src/fnmatch.c Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+ return (FNM_NOMATCH);
+ }
+
++/* Return non-zero if S has a leading '/' or contains '../' */
++int
++has_invalid_name (const char *s)
++{
++ if (*s == '/')
++ return 1;
++ if (strstr(s, "../") != 0)
++ return 1;
++ return 0;
++}
++
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+ `]'). */
+ int
diff --git a/ftp/wget/files/patch-src_ftp_c b/ftp/wget/files/patch-src_ftp_c
new file mode 100644
index 000000000000..3da2f4186d7e
--- /dev/null
+++ b/ftp/wget/files/patch-src_ftp_c
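Review bot: `has_invalid_name` rejects only a leading '/' and the substring `../`, so a server-supplied entry named exactly `..`, or one ending in `/..`, passes the check while still pointing outside the download directory; whether wget's listing parser already drops such entries before this point is not visible in the patch. A component-wise test is more robust than the substring match: walk the name by '/' and reject any component that is exactly `..`. The comment above the function should then say "any path component equal to '..'" rather than "contains '../'". `strstr` (or `strchr` below) needs `<string.h>`; fnmatch.c presumably includes it already, but worth confirming in the port's build.
```c
/* Return non-zero if S has a leading '/' or any path component that is
   exactly "..", which would let a server-supplied name escape the
   download directory.  */
int
has_invalid_name (const char *s)
{
  if (*s == '/')
    return 1;
  for (;;)
    {
      const char *slash = strchr (s, '/');
      size_t len = slash ? (size_t) (slash - s) : strlen (s);
      if (len == 2 && s[0] == '.' && s[1] == '.')
        return 1;
      if (!slash)
        return 0;
      s = slash + 1;
    }
}
```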
@@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig Tue Dec 10 13:08:00 2002
++++ src/ftp.c Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+ struct fileinfo *orig, *start;
+ uerr_t res;
++ struct fileinfo *f;
+
+ con->cmd |= LEAVE_PENDING;
+
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ opt.accepts and opt.rejects. */
+ if (opt.accepts || opt.rejects)
+ {
+- struct fileinfo *f = orig;
+-
++ f = orig;
+ while (f)
+ {
+ if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ f = f->next;
+ }
+ }
++ /* Remove all files with possible harmful names */
++ f = orig;
++ while (f)
++ {
++ if (has_invalid_name(f->name))
++ {
++ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
++ f = delelement (f, &start);
++ }
++ else
++ f = f->next;
++ }
+ /* Now weed out the files that do not match our globbing pattern.
+ If we are dealing with a globbing pattern, that is. */
+ if (*u->file && (action == GLOBALL || action == GETONE))
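Review bot: The new rejection loop restarts from `orig` although the accept/reject loop just above it may already have called `delelement (f, &start)` on the head of the list; if that helper unlinks the node and updates `start` (which passing `&start` suggests), `orig` then refers to a freed node and the new loop walks it. How `orig` and `start` are initialised is outside these hunks, but starting the new loop with `f = start;` does not depend on `orig` staying valid and is the safer choice. Neither patch file adds a prototype for `has_invalid_name`, so ftp.c compiles against an implicit declaration unless fnmatch.h is updated elsewhere; `int has_invalid_name (const char *);` in the header would make the contract explicit. ftp_retrieve_glob begins before and continues after these hunks, and this check covers only the glob path, so other retrieval paths that use server-supplied names are worth a look.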