From 0b9f61c0391b56adcf3c259b231580c84db8098c Mon Sep 17 00:00:00 2001 From: Fumitoshi UKAI Date: Fri, 13 Dec 2002 00:09:50 +0000 Subject: [w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients * file.c (guess_save_name): pass guess_filename From: Hironori SAKAMOTO --- ChangeLog | 7 ++++++- file.c | 18 ++++++++---------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b57bd0..0af6330 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2002-12-13 Hironori SAKAMOTO + + * [w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients + * file.c (guess_save_name): pass guess_filename + 2002-12-13 Hironori SAKAMOTO * [w3m-dev 03562] #undef BUFINFO @@ -5746,4 +5751,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.614 2002/12/12 23:55:30 ukai Exp $ +$Id: ChangeLog,v 1.615 2002/12/13 00:09:50 ukai Exp $ diff --git a/file.c b/file.c index 103ae9a..be97981 100644 --- a/file.c +++ b/file.c @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.158 2002/12/10 15:36:10 ukai Exp $ */ +/* $Id: file.c,v 1.159 2002/12/13 00:09:50 ukai Exp $ */ #include "fm.h" #include #include "myctype.h" 
@@ -7832,16 +7832,14 @@ guess_save_name(Buffer *buf, char *path)
 char *p, *q;
 if ((p = checkHeader(buf, "Content-Disposition:")) != NULL &&
 (q = strcasestr(p, "filename")) != NULL &&
- (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
- if (matchattr(q, "filename", 8, &name))
- return name->ptr;
- }
- if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
+ (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+ matchattr(q, "filename", 8, &name))
+ path = name->ptr;
+ else if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
 (q = strcasestr(p, "name")) != NULL &&
- (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
- if (matchattr(q, "name", 4, &name))
- return name->ptr;
- }
+ (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+ matchattr(q, "name", 4, &name))
+ path = name->ptr;
 }
 return guess_filename(path);
 }
-- cgit v1.2.3
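Review bot: The header-derived name is now only as safe as `guess_filename()`, which is defined outside this hunk, so nothing visible here confirms that it reduces a `Content-Disposition` or `Content-Type` value to a bare file name or handles a result of `.`, `..` or the empty string. Please confirm that in `guess_filename()` itself, and record the invariant above the first `if` so the removed early `return name->ptr;` is not reintroduced later: `/* name comes from server headers: never return it directly, always pass it through guess_filename() */`. The two unbraced `path = name->ptr;` bodies hang off four-line conditions, so braces on the `if`/`else if` would make the control flow harder to misread. The start of `guess_save_name` lies before the hunk, so the enclosing block that closes at the first `}` could not be checked.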