Bugzilla – Attachment 31702 Details for
Bug 64183
VUL-0: CVE-2004-1488: multiple wget flaws
[patch]
New patch handling .. issue
wget-LFS-20040909.CAN-2004-1487.dif2 (text/plain), 1.61 KB, created by
Sebastian Krahmer
on 2005-03-15 12:29:01 UTC
Description:
New patch handling .. issue
Creator:
Sebastian Krahmer
Created:
2005-03-15 12:29:01 UTC
Size:
1.61 KB
>diff -ruN wget-LFS-20040909/src/http.c wget-LFS-20040909.patched/src/http.c
>--- wget-LFS-20040909/src/http.c 2004-09-09 19:28:26.000000000 -0700
>+++ wget-LFS-20040909.patched/src/http.c 2005-03-15 05:12:29.101069024 -0800
>@@ -1719,6 +1719,7 @@
> /* Open the local file. */
> if (!output_stream)
> {
>+ sanitize_path(*hs->local_file);
> mkalldirs (*hs->local_file);
> if (opt.backups)
> rotate_backups (*hs->local_file);
>diff -ruN wget-LFS-20040909/src/utils.c wget-LFS-20040909.patched/src/utils.c
>--- wget-LFS-20040909/src/utils.c 2004-09-09 13:32:07.000000000 -0700
>+++ wget-LFS-20040909.patched/src/utils.c 2005-03-15 05:13:19.175456560 -0800
>@@ -368,6 +368,25 @@
> #endif
> }
>
>+
>+char *
>+sanitize_path(char *path)
>+{
>+ char *str = NULL;
>+
>+ /* evilhost/../ */
>+ while ((str = strstr(path, "/..")) != NULL)
>+ memcpy(&str[1], "__", 2);
>+ /* evilhost/.bashrc */
>+ while ((str = strstr(path, "/.")) != NULL)
>+ str[1] = '_';
>+ /* .bashrc */
>+ if (*path == '.')
>+ *path = '_';
>+ return path;
>+}
>+
>+
> /* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
> Returns 0 on error. */
> int
>diff -ruN wget-LFS-20040909/src/utils.h wget-LFS-20040909.patched/src/utils.h
>--- wget-LFS-20040909/src/utils.h 2004-09-09 21:05:36.000000000 -0700
>+++ wget-LFS-20040909.patched/src/utils.h 2005-03-15 05:12:29.107068112 -0800
>@@ -83,6 +83,7 @@
> int make_directory PARAMS ((const char *));
> char *unique_name PARAMS ((const char *, int));
> char *file_merge PARAMS ((const char *, const char *));
>+char *sanitize_path PARAMS ((char *));
>
> int acceptable PARAMS ((const char *));
> int accdir PARAMS ((const char *s, enum accd));
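Review bot: The added `sanitize_path(*hs->local_file);` rewrites the complete local file name just before the file is opened, so it presumably also alters any directory part the user chose (a prefix containing `..` or a dot-directory), not only the component derived from the server. Applying the rewrite where the URL-derived part of the name is produced, before it is joined to user-supplied directories, would keep the protection while leaving trusted path parts alone, and would let any earlier use of the name see the same value that is finally opened. Only the HTTP code path is changed in this diff; whether other retrieval paths build local names from server data and need the same call cannot be judged from the lines shown. As a style point, the neighbouring calls use a space before the parenthesis (`mkalldirs (`), so the line should read `sanitize_path (*hs->local_file);`. The enclosing function begins and ends outside the hunk.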
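Review bot: `sanitize_path` has no header comment, unlike the function that follows it, and its contract is not obvious: it modifies PATH in place, treats only `/` as a separator, and rewrites every component that begins with a dot, not just `..`. I would add `/* Rewrite PATH in place so that no '/'-separated component begins with '.'; PATH must be a writable, non-NULL string. Returns PATH. */` above the definition. Because only `/` is matched, a name using a different separator (for instance a backslash on builds where that is a directory separator) would pass through unchanged; if such builds are supported, that case needs the same treatment. Rewritten names can also collide with existing ones (`dir/.x` and `dir/_x` map to the same file), which is worth a sentence in the comment. The definition should follow the file's spacing convention: `sanitize_path (char *path)`.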
Attachments on
bug 64183
:
28641
| 31702 |
33979