author | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-12-13 00:09:50 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-12-13 00:09:50 +0000 |
commit | 0b9f61c0391b56adcf3c259b231580c84db8098c (patch) | |
tree | 6559dd140039b1669d720c039af5df32cb928d8f /file.c | |
parent | [w3m-dev 03562] #undef BUFINFO (diff) | |
[w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients
* file.c (guess_save_name): pass guess_filename
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat (limited to '')
-rw-r--r-- | file.c | 18 |
1 files changed, 8 insertions, 10 deletions
@@ -1,4 +1,4 @@
-/* $Id: file.c,v 1.158 2002/12/10 15:36:10 ukai Exp $ */
+/* $Id: file.c,v 1.159 2002/12/13 00:09:50 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include "myctype.h"
@@ -7832,16 +7832,14 @@ guess_save_name(Buffer *buf, char *path)
 char *p, *q;
 if ((p = checkHeader(buf, "Content-Disposition:")) != NULL &&
 (q = strcasestr(p, "filename")) != NULL &&
- (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
- if (matchattr(q, "filename", 8, &name))
- return name->ptr;
- }
- if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
+ (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+ matchattr(q, "filename", 8, &name))
+ path = name->ptr;
+ else if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
 (q = strcasestr(p, "name")) != NULL &&
- (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
- if (matchattr(q, "name", 4, &name))
- return name->ptr;
- }
+ (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+ matchattr(q, "name", 4, &name))
+ path = name->ptr;
 }
 return guess_filename(path);
 } |
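Review bot: Nothing at the two `path = name->ptr;` assignments in the guess_save_name hunk records that the `filename`/`name` attribute is server-controlled and must never be returned without passing through `guess_filename(path)`. That single call is the entire traversal defence here, so I would add above the first `if`: `/* header-supplied names are untrusted: never return them directly, always fall through to guess_filename() */`. The body of guess_filename is outside this diff, so it is worth confirming there that a name consisting only of `..`, an empty name, and any platform-specific separator are handled, since this function no longer performs any check of its own. The unbraced `if`/`else if` bodies under four-line conditions would also be safer with braces, so a later edit cannot detach an assignment from its guard. guess_save_name begins before the hunk, so the declaration of `name` and the outer `if` are not visible here.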