[svn] Fix escape chars in server response vulnerability. Server response is

[wget] / src / connect.c

diff --git a/src/connect.c b/src/connect.c
index ffa33cc0427a859405e71ad067b13b449f523d1b..40efc3630517bbaa55642ad6f9587898a22c1108 100644 (file)
--- a/src/connect.c
+++ b/src/connect.c
@@ -261,7 +261,7 @@ connect_to_ip (const ip_address *ip, int port, const char *print)
 {
   struct sockaddr_storage ss;
   struct sockaddr *sa = (struct sockaddr *)&ss;
-  int sock = -1;
+  int sock;
 
   /* If PRINT is non-NULL, print the "Connecting to..." line, with
      PRINT being the host name we're connecting to.  */
@@ -269,8 +269,8 @@ connect_to_ip (const ip_address *ip, int port, const char *print)
     {
       const char *txt_addr = pretty_print_address (ip);
       if (print && 0 != strcmp (print, txt_addr))
-       logprintf (LOG_VERBOSE,
-                  _("Connecting to %s|%s|:%d... "), print, txt_addr, port);
+       logprintf (LOG_VERBOSE, _("Connecting to %s|%s|:%d... "),
+                  escnonprint (print), txt_addr, port);
       else
        logprintf (LOG_VERBOSE, _("Connecting to %s:%d... "), txt_addr, port);
     }
@@ -873,8 +873,8 @@ fd_read (int fd, char *buf, int bufsize, double timeout)
     return sock_read (fd, buf, bufsize);
 }
 
-/* The same as xread, but don't actually read the data, just copy it
-   instead.  */
+/* The same as fd_read, but don't actually read the data, just find out
+   what's the number of bytes available for reading.  */
 
 int
 fd_peek (int fd, char *buf, int bufsize, double timeout)