[svn] Fix for FTP directory traversal vulnerability (at least for Unix).

[wget] / src / fnmatch.c

diff --git a/src/fnmatch.c b/src/fnmatch.c
index 6689a1befa921a220c526431cf9cfb6871a9a771..39bf6e012ae1a90560def7805d348ea6c852e301 100644 (file)
--- a/src/fnmatch.c
+++ b/src/fnmatch.c
@@ -35,6 +35,11 @@ so, delete this exception statement from your version.  */
 
 #include <errno.h>
 #include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
 #include "fnmatch.h"
 
 /* Match STRING against the filename pattern PATTERN, returning zero
@@ -198,6 +203,19 @@ fnmatch (const char *pattern, const char *string, int flags)
   return (FNM_NOMATCH);
 }
 
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_insecure_name_p (const char *s)
+{
+  if (*s == '/')
+    return 1;
+
+  if (strstr(s, "../") != 0)
+    return 1;
+
+  return 0;
+}
+
 /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
    `]').  */
 int