diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-12-13 00:09:50 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-12-13 00:09:50 +0000 |
commit | 0b9f61c0391b56adcf3c259b231580c84db8098c (patch) | |
tree | 6559dd140039b1669d720c039af5df32cb928d8f | |
parent | [w3m-dev 03562] #undef BUFINFO (diff) | |
download | w3m-0b9f61c0391b56adcf3c259b231580c84db8098c.tar.gz w3m-0b9f61c0391b56adcf3c259b231580c84db8098c.zip |
[w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients
* file.c (guess_save_name): pass guess_filename
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | file.c | 18 |
2 files changed, 14 insertions, 11 deletions
@@ -1,5 +1,10 @@ 2002-12-13 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + * [w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients + * file.c (guess_save_name): pass guess_filename + +2002-12-13 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + * [w3m-dev 03562] #undef BUFINFO * config.h.dist (BUFINFO): undef * configure (use_bufinfo): n @@ -5746,4 +5751,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.614 2002/12/12 23:55:30 ukai Exp $ +$Id: ChangeLog,v 1.615 2002/12/13 00:09:50 ukai Exp $ @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.158 2002/12/10 15:36:10 ukai Exp $ */ +/* $Id: file.c,v 1.159 2002/12/13 00:09:50 ukai Exp $ */ #include "fm.h" #include <sys/types.h> #include "myctype.h" @@ -7832,16 +7832,14 @@ guess_save_name(Buffer *buf, char *path) char *p, *q; if ((p = checkHeader(buf, "Content-Disposition:")) != NULL && (q = strcasestr(p, "filename")) != NULL && - (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) { - if (matchattr(q, "filename", 8, &name)) - return name->ptr; - } - if ((p = checkHeader(buf, "Content-Type:")) != NULL && + (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') && + matchattr(q, "filename", 8, &name)) + path = name->ptr; + else if ((p = checkHeader(buf, "Content-Type:")) != NULL && (q = strcasestr(p, "name")) != NULL && - (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) { - if (matchattr(q, "name", 4, &name)) - return name->ptr; - } + (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') && + matchattr(q, "name", 4, &name)) + path = name->ptr; } return guess_filename(path); } |