+2005-03-05 Hrvoje Niksic <hniksic@xemacs.org>
+
+ * url.c (url_file_name): Don't allow hosts named ".." to be
+ appended as path elements.
+
2005-03-03 Hrvoje Niksic <hniksic@xemacs.org>
* retr.c (retrieve_url): Escape location header.
{
if (fnres.tail)
append_char ('/', &fnres);
- append_string (u->host, &fnres);
+ if (0 != strcmp (u->host, ".."))
+ append_string (u->host, &fnres);
+ else
+ /* Host name can come from the network; malicious DNS may
+ allow ".." to be resolved, causing us to write to
+ "../<file>". Defang such host names. */
+ append_string ("%2E%2E", &fnres);
if (u->port != scheme_default_port (u->scheme))
{
char portstr[24];
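Review bot: The guard on the `if (0 != strcmp (u->host, ".."))` line rejects only a host that is exactly `..`; any other host text that is not a safe single path element is still appended verbatim on the next line, and nothing in the hunk shows that the URL parser guarantees `u->host` cannot contain a path separator or an encoded form of the same component. A more robust shape is to make the unsafe case the general rule rather than a single sentinel: pass `u->host` through whatever path-element escaping url_file_name already applies to directory components (that code is outside the hunk, so I cannot tell whether such a helper exists here), which would cover `..` as one instance of a general policy. As written, the comment should at least record that the check is deliberately narrow, e.g. `/* Only the literal ".." is defanged here; any other host is assumed to have been validated by the URL parser. */`. Also brace the `else` body so the explanatory comment does not sit between `else` and its single statement, where a later edit adding a second statement would silently fall outside the branch.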