From owner-freebsd-bugs  Sun Dec 30 21:30:12 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 17DB537B41D
	for <freebsd-bugs@hub.freebsd.org>; Sun, 30 Dec 2001 21:30:02 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fBV5U2C08863;
	Sun, 30 Dec 2001 21:30:02 -0800 (PST)
	(envelope-from gnats)
Date: Sun, 30 Dec 2001 21:30:02 -0800 (PST)
Message-Id: <200112310530.fBV5U2C08863@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
Subject: Re: misc/16938: FTP does not fully parse ftp:// URLs
Reply-To: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/16938; it has been noted by GNATS.

From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
To: freebsd-gnats-submit@FreeBSD.org, kientzle@acm.org
Cc:  
Subject: Re: misc/16938: FTP does not fully parse ftp:// URLs
Date: Mon, 31 Dec 2001 01:25:17 -0400

 here a patch that worked for me:
 
 
 --- fetch.c	Mon Dec 31 01:05:01 2001
 +++ /fetch-patch.c	Mon Dec 31 01:04:51 2001
 @@ -88,6 +88,33 @@
  jmp_buf	httpabort;
  
  /*
 + * Decode the %XX escapes in the string.
 + * return -1 on failure, 0 on success
 + */
 +static int
 +url_decode(str)
 +	char *str;
 +{
 +	char v[3] = "XX";
 +	char *vp;
 +
 +	if (str == NULL)
 +		return 0;
 +
 +	while ( (str = strchr(str, '%')) != NULL)
 +	{
 +		if (isxdigit(*(str+1)) == 0 || isxdigit(*(str+2)) == 0)
 +			return -1;
 +
 +		v[0] = *(str+1);
 +		v[1] = *(str+2);
 +		*str = (char)strtol(v, &vp, 16);
 +		memmove(str+1, str+3, strlen(str+3) + 1);
 +	}
 +	return 0;
 +}
 +
 +/*
   * Retrieve URL, via the proxy in $proxyvar if necessary.
   * Modifies the string argument given.
   * Returns -1 on failure, 0 on success
 @@ -160,6 +187,12 @@
  		goto cleanup_url_get;
  	}
  
 +	if (url_decode(path) == -1 || url_decode(savefile) == -1)
 +	{
 +		warnx("Invalid URL (invalid encoding): %s", origline);
 +		goto cleanup_url_get;
 +	}
 +
  	if (proxyenv != NULL) {				/* use proxy */
  		proxy = strdup(proxyenv);
  		if (proxy == NULL)
 @@ -589,6 +622,10 @@
  				dir = NULL;
  			}
  		}
 +		if (url_decode(user) == -1 || url_decode(pass) == -1 || 
 +							url_decode(dir) == -1 || url_decode(file) == -1)
 +			goto bad_ftp_url;
 +
  		if (debug)
  			printf("user %s:%s host %s port %s dir %s file %s\n",
  			    user, pass, host, portnum, dir, file);

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message