sjero.net Git - wget/commitdiff
[svn] Fix bogus ".." hosts injecting such components to path.
authorhniksic <devnull@localhost>
Sat, 5 Mar 2005 23:04:05 +0000 (15:04 -0800)
committerhniksic <devnull@localhost>
Sat, 5 Mar 2005 23:04:05 +0000 (15:04 -0800)
src/ChangeLog
src/url.c

index 762067f029d576c6d0d78629b4807b0d5a885480..f29dd261908820efffdb4c6950836316a8d2bc93 100644 (file)
@@ -1,3 +1,8 @@
+2005-03-05  Hrvoje Niksic  <hniksic@xemacs.org>
+
+       * url.c (url_file_name): Don't allow hosts named ".." to be
+       appended as path elements.
+
 2005-03-03  Hrvoje Niksic  <hniksic@xemacs.org>
 
        * retr.c (retrieve_url): Escape location header.
index 7762473f5c067944fff17a68ea7d1644117c8b61..3539905012675df91680599a937b1e7954d5e7fb 100644 (file)
--- a/src/url.c
+++ b/src/url.c
@@ -1454,7 +1454,13 @@ url_file_name (const struct url *u)
        {
          if (fnres.tail)
            append_char ('/', &fnres);
-         append_string (u->host, &fnres);
+         if (0 != strcmp (u->host, ".."))
+           append_string (u->host, &fnres);
+         else
+           /* Host name can come from the network; malicious DNS may
+              allow ".." to be resolved, causing us to write to
+              "../<file>".  Defang such host names.  */
+           append_string ("%2E%2E", &fnres);
          if (u->port != scheme_default_port (u->scheme))
            {
              char portstr[24];
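Review bot: The new check in url_file_name defangs only a host that is exactly `..`, so the protection relies on u->host never containing a directory separator or any other spelling the filesystem treats as a parent reference. Nothing visible in this hunk guarantees that, so it should be confirmed against the URL parser, in particular whether percent-escapes in the host are decoded before this point. If it cannot be guaranteed, the host should go through the same unsafe-character quoting as the path components rather than a single string comparison. At minimum I would state the assumption in the comment, e.g. `/* Assumes u->host cannot contain a directory separator; only the exact name ".." needs defanging. */`, and brace both branches so the comment-then-statement `else` cannot be mis-edited later. url_file_name starts and ends outside this hunk, so the surrounding host and port handling was not reviewed.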