
--- src/fnmatch.c.orig 2002/05/18 03:05:15 1.2.2.1
+++ src/fnmatch.c 2003/01/11 19:53:31 1.2.2.2
@@ -35,6 +35,11 @@
#include <errno.h>
#include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
#include "fnmatch.h"
/* Match STRING against the filename pattern PATTERN, returning zero
@@ -196,6 +201,19 @@
return (0);
return (FNM_NOMATCH);
+}
+
+/* Return non-zero if S has a leading '/' or contains '../' */
+int
+has_insecure_name_p (const char *s)
+{
+ if (*s == '/')
+ return 1;
+
+ if (strstr(s, "../") != 0)
+ return 1;
+
+ return 0;
}
/* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
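Review bot: has_insecure_name_p still accepts a name that is exactly `..` or that ends in `/..`, because the test on the line `if (strstr(s, "../") != 0)` only finds `..` when a slash follows it, and such a name would presumably be written one level above the download directory just like a `../`-prefixed one. Extending the check keeps the function's contract: `size_t len = strlen (s);` then `if (strcmp (s, "..") == 0 || (len >= 3 && strcmp (s + len - 3, "/..") == 0)) return 1;`. The function is called from ftp.c later in this same patch, yet the patch touches no header, so unless fnmatch.h is changed elsewhere that call relies on an implicit declaration; add `int has_insecure_name_p (const char *s);` to fnmatch.h. The header comment should also say what the check is for, e.g. `/* Return non-zero if S, a file name taken from a remote listing, could escape the download directory: it is absolute, is `..', or contains a `..' component. */`.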
--- src/ftp.c.orig 2002/05/18 03:05:16 1.52.2.1
+++ src/ftp.c 2003/01/11 19:53:31 1.52.2.2
@@ -1549,7 +1549,7 @@
static uerr_t
ftp_retrieve_glob (struct url *u, ccon *con, int action)
{
- struct fileinfo *orig, *start;
+ struct fileinfo *f, *orig, *start;
uerr_t res;
con->cmd |= LEAVE_PENDING;
@@ -1562,8 +1562,7 @@
opt.accepts and opt.rejects. */
if (opt.accepts || opt.rejects)
{
- struct fileinfo *f = orig;
-
+ f = orig;
while (f)
{
if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@ -1575,13 +1574,25 @@
f = f->next;
}
}
+ /* Remove all files with possible harmful names */
+ f = orig;
+ while (f)
+ {
+ if (has_insecure_name_p(f->name))
+ {
+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+ f = delelement (f, &start);
+ }
+ else
+ f = f->next;
+ }
/* Now weed out the files that do not match our globbing pattern.
If we are dealing with a globbing pattern, that is. */
if (*u->file && (action == GLOBALL || action == GETONE))
{
int matchres = 0;
- struct fileinfo *f = start;
+ f = start;
while (f)
{
matchres = fnmatch (u->file, f->name, 0);
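Review bot: The new rejection loop restarts from `orig` (`f = orig;`) after the accepts/rejects loop above it may already have removed list elements through `delelement (f, &start)`; if delelement frees the node it unlinks and repoints `start` when the head is removed, `orig` is then a dangling pointer and the new loop walks freed memory. The globbing loop further down already restarts from the live head with `f = start;`, so the new loop should read `f = start;` as well, and the reworked `f = orig;` in the previous hunk has the same exposure. delelement's body is outside this diff, so confirm its ownership semantics before relying on `orig` anywhere after the first deletion. ftp_retrieve_glob continues past the end of this hunk.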