[svn] Fix escape chars in server response vulnerability. Server response is

[wget] / src / cookies.c

diff --git a/src/cookies.c b/src/cookies.c
index 72ef0a9de3ead3821ee680804fd2271bc1b0326c..fe9761fde43fa30ff2a1d1f8032e312d7d7dbdc4 100644 (file)
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -616,7 +616,8 @@ parse_set_cookies (const char *sc,
                    char *name;
                    BOUNDED_TO_ALLOCA (name_b, name_e, name);
                    logprintf (LOG_NOTQUIET,
-                              _("Error in Set-Cookie, field `%s'"), name);
+                              _("Error in Set-Cookie, field `%s'"),
+                              escnonprint (name));
                  }
                state = S_ERROR;
                break;
@@ -640,7 +641,7 @@ parse_set_cookies (const char *sc,
   if (!silent)
     logprintf (LOG_NOTQUIET,
               _("Syntax error in Set-Cookie: %s at position %d.\n"),
-              sc, p - sc);
+              escnonprint (sc), p - sc);
   return NULL;
 }
 \f
@@ -783,7 +784,7 @@ check_domain_match (const char *cookie_domain, const char *host)
       {
        int i;
        int known_toplevel = 0;
-       static char *known_toplevel_domains[] = {
+       static const char *known_toplevel_domains[] = {
          ".com", ".edu", ".net", ".org", ".gov", ".mil", ".int"
        };
        for (i = 0; i < countof (known_toplevel_domains); i++)
@@ -862,7 +863,7 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
        {
          logprintf (LOG_NOTQUIET,
                     "Cookie coming from %s attempted to set domain to %s\n",
-                    host, cookie->domain);
+                    escnonprint (host), escnonprint (cookie->domain));
          xfree (cookie->domain);
          goto copy_domain;
        }