head	1.2;
access;
symbols
	RELEASE_5_4_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.04.07.05.14.29;	author sf;	state dead;
branches;
next	1.1;

1.1
date	2005.03.08.23.03.20;	author simon;	state Exp;
branches;
next	;


desc
@@


1.2
log
@o update to 1.10 alpha1.
o take maintainership.

Security:	http://www.vuxml.org/freebsd/06f142ff-4df3-11d9-a9e7-0001020eed82.html
Security:	CAN-2004-1488
@
text
@diff -ruN wget-LFS-20040909/src/http.c wget-LFS-20040909.patched/src/http.c
--- src/http.c.orig	2004-09-09 19:28:26.000000000 -0700
+++ src/http.c	2005-02-21 04:13:05.000000000 -0800
@@@@ -1719,6 +1719,7 @@@@
   /* Open the local file.  */
   if (!output_stream)
     {
+      sanitize_path(*hs->local_file);
       mkalldirs (*hs->local_file);
       if (opt.backups)
 	rotate_backups (*hs->local_file);
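Review bot: sanitize_path() rewrites `*hs->local_file` in place only inside the `!output_stream` branch, so any code that consulted the local file name earlier in this function (a continuation size check or an existence test, if they precede this point — not visible in the hunk) would have seen the unsanitised name and may disagree with the name actually created here. The call also discards the returned pointer, which is harmless because the rewrite is in place, but a one-line comment would make that intent clear: `/* Rewrite ".." and dot-leading components in place before creating directories.  */`. The enclosing function starts and ends outside the hunk.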
diff -ruN wget-LFS-20040909/src/utils.c wget-LFS-20040909.patched/src/utils.c
--- src/utils.c.orig	2004-09-09 13:32:07.000000000 -0700
+++ src/utils.c	2005-02-21 04:11:54.000000000 -0800
@@@@ -368,6 +368,25 @@@@
 #endif
 }
 
+
+char *
+sanitize_path(char *path)
+{
+	char *str = NULL;
+
+	/* evilhost/../ */
+	while ((str = strstr(path,  "..")) != NULL)
+		memcpy(str, "__", 2);
+	/* evilhost/.bashrc */
+	while ((str = strstr(path, "/.")) != NULL)
+		str[1] = '_';
+	/* .bashrc */
+	if (*path == '.')
+		*path = '_';
+	return path;
+}
+
+
 /* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
    Returns 0 on error.  */
 int
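Review bot: sanitize_path() has no header comment although the neighbouring functions in utils.c carry one (see the `Returns 0 if PATH is a directory` comment directly below it), and it dereferences `path` unconditionally, so a NULL argument is undefined behaviour in `strstr` and at `*path`. A guard `if (path == NULL) return NULL;` ahead of the first loop would cover that case and match the pointer-returning style of the function. Note also that the `..` loop is a blanket substring replacement rather than a per-component check, so legitimate names such as `foo..bar` are rewritten as well — acceptable as a conservative policy, but it should be stated. I would add above the definition: `/* Neutralise path components that could escape the download directory: every ".." becomes "__", and every dot-leading component (including a leading "." in PATH itself) gets its dot replaced by '_'. PATH is modified in place and returned.  */`.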
diff -ruN wget-LFS-20040909/src/utils.h wget-LFS-20040909.patched/src/utils.h
--- src/utils.h.orig	2004-09-09 21:05:36.000000000 -0700
+++ src/utils.h	2005-02-21 04:04:07.000000000 -0800
@@@@ -83,6 +83,7 @@@@
 int make_directory PARAMS ((const char *));
 char *unique_name PARAMS ((const char *, int));
 char *file_merge PARAMS ((const char *, const char *));
+char *sanitize_path PARAMS ((char *));
 
 int acceptable PARAMS ((const char *));
 int accdir PARAMS ((const char *s, enum accd));
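Review bot: The new prototype takes a non-const `char *` while the surrounding declarations take `const char *`, and nothing in the header says that sanitize_path rewrites its argument in place and hands the same pointer back. A one-line comment above the declaration would make that contract visible to callers: `/* Rewrites PATH in place (".." and dot-leading components); returns PATH.  */`.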
@


1.1
log
@Fix directory traversal vulnerability.

Security:	CAN-2004-1487
Security:	http://vuxml.FreeBSD.org/06f142ff-4df3-11d9-a9e7-0001020eed82.html
		(part of)
Obtained from:	SuSE
Approved by:	erwin (mentor)
@
text
@@

