[svn] Fix escape chars in server response vulnerability. Server response is

[wget] / src / cookies.c

diff --git a/src/cookies.c b/src/cookies.c
index 98ab423c1f7782598988341349c27bdcbe8f1c37..fe9761fde43fa30ff2a1d1f8032e312d7d7dbdc4 100644 (file)
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -616,7 +616,8 @@ parse_set_cookies (const char *sc,
                    char *name;
                    BOUNDED_TO_ALLOCA (name_b, name_e, name);
                    logprintf (LOG_NOTQUIET,
-                              _("Error in Set-Cookie, field `%s'"), name);
+                              _("Error in Set-Cookie, field `%s'"),
+                              escnonprint (name));
                  }
                state = S_ERROR;
                break;
@@ -640,7 +641,7 @@ parse_set_cookies (const char *sc,
   if (!silent)
     logprintf (LOG_NOTQUIET,
               _("Syntax error in Set-Cookie: %s at position %d.\n"),
-              sc, p - sc);
+              escnonprint (sc), p - sc);
   return NULL;
 }
 \f
@@ -862,7 +863,7 @@ cookie_handle_set_cookie (struct cookie_jar *jar,
        {
          logprintf (LOG_NOTQUIET,
                     "Cookie coming from %s attempted to set domain to %s\n",
-                    host, cookie->domain);
+                    escnonprint (host), escnonprint (cookie->domain));
          xfree (cookie->domain);
          goto copy_domain;
        }