+2003-01-11 Ian Abbott <abbotti@mev.co.uk>
+
+ * ftp.c (ftp_retrieve_glob): Reject insecure filenames as determined
+ by calling new function has_insecure_name_p. This is based on a
+ patch by Red Hat.
+
+ * fnmatch.c (has_insecure_name_p): New function: returns non-zero
+ if filename starts with `/' or contains `../' and is therefore
+ considered insecure.
+
+ * fnmatch.h: Declare has_insecure_name_p().
+
2002-08-03 Hrvoje Niksic <hniksic@xemacs.org>
* init.c (cmd_file): Allocate RESULT correctly.
#include <errno.h>
#include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
#include "fnmatch.h"
/* Match STRING against the filename pattern PATTERN, returning zero
return (FNM_NOMATCH);
}
+/* Return non-zero if S has a leading '/' or contains '../' */
+int
+has_insecure_name_p (const char *s)
+{
+ if (*s == '/')
+ return 1;
+
+ if (strstr(s, "../") != 0)
+ return 1;
+
+ return 0;
+}
+
/* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
`]'). */
int
#define FNM_NOMATCH 1
int fnmatch PARAMS ((const char *, const char *, int));
+int has_insecure_name_p PARAMS ((const char *s));
int has_wildcards_p PARAMS ((const char *));
#endif /* FNMATCH_H */
static uerr_t
ftp_retrieve_glob (struct url *u, ccon *con, int action)
{
- struct fileinfo *orig, *start;
+ struct fileinfo *f, *orig, *start;
uerr_t res;
con->cmd |= LEAVE_PENDING;
opt.accepts and opt.rejects. */
if (opt.accepts || opt.rejects)
{
- struct fileinfo *f = orig;
-
+ f = orig;
while (f)
{
if (f->type != FT_DIRECTORY && !acceptable (f->name))
f = f->next;
}
}
+ /* Remove all files with possible harmful names */
+ f = orig;
+ while (f)
+ {
+ if (has_insecure_name_p(f->name))
+ {
+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+ f = delelement (f, &start);
+ }
+ else
+ f = f->next;
+ }
/* Now weed out the files that do not match our globbing pattern.
If we are dealing with a globbing pattern, that is. */
if (*u->file && (action == GLOBALL || action == GETONE))
{
int matchres = 0;
- struct fileinfo *f = start;
+ f = start;
while (f)
{
matchres = fnmatch (u->file, f->name, 0);