Date: Sun, 30 Dec 2001 21:30:02 -0800 (PST) From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/16938: FTP does not fully parse ftp:// URLs Message-ID: <200112310530.fBV5U2C08863@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/16938; it has been noted by GNATS. From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca> To: freebsd-gnats-submit@FreeBSD.org, kientzle@acm.org Cc: Subject: Re: misc/16938: FTP does not fully parse ftp:// URLs Date: Mon, 31 Dec 2001 01:25:17 -0400 here a patch that worked for me: --- fetch.c Mon Dec 31 01:05:01 2001 +++ /fetch-patch.c Mon Dec 31 01:04:51 2001 @@ -88,6 +88,33 @@ jmp_buf httpabort; /* + * Decode the %XX escapes in the string. + * return -1 on failure, 0 on success + */ +static int +url_decode(str) + char *str; +{ + char v[3] = "XX"; + char *vp; + + if (str == NULL) + return 0; + + while ( (str = strchr(str, '%')) != NULL) + { + if (isxdigit(*(str+1)) == 0 || isxdigit(*(str+2)) == 0) + return -1; + + v[0] = *(str+1); + v[1] = *(str+2); + *str = (char)strtol(v, &vp, 16); + memmove(str+1, str+3, strlen(str+3) + 1); + } + return 0; +} + +/* * Retrieve URL, via the proxy in $proxyvar if necessary. * Modifies the string argument given. * Returns -1 on failure, 0 on success @@ -160,6 +187,12 @@ goto cleanup_url_get; } + if (url_decode(path) == -1 || url_decode(savefile) == -1) + { + warnx("Invalid URL (invalid encoding): %s", origline); + goto cleanup_url_get; + } + if (proxyenv != NULL) { /* use proxy */ proxy = strdup(proxyenv); if (proxy == NULL) @@ -589,6 +622,10 @@ dir = NULL; } } + if (url_decode(user) == -1 || url_decode(pass) == -1 || + url_decode(dir) == -1 || url_decode(file) == -1) + goto bad_ftp_url; + if (debug) printf("user %s:%s host %s port %s dir %s file %s\n", user, pass, host, portnum, dir, file); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112310530.fBV5U2C08863>