cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix directory traversal bug in FTP mode with wget which can potentially

Browse Source 
allow files to be written outside the download directory.

http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
This commit is contained in:
brad 2002-12-10 18:37:24 +00:00
parent adf8863b15
commit a69012ebd6
3 changed files with 65 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/wget/Makefile
View File

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.33 2002/05/15 17:42:25 espie Exp $ # $OpenBSD: Makefile,v 1.34 2002/12/10 18:37:24 brad Exp $
COMMENT= "retrieve files from the 'net via HTTP and FTP" COMMENT= "retrieve files from the 'net via HTTP and FTP"
DISTNAME= wget-1.7 DISTNAME= wget-1.7
PKGNAME= ${DISTNAME}p1
CATEGORIES= net CATEGORIES= net
NEED_VERSION= 1.460
MASTER_SITES= ${MASTER_SITE_GNU:=wget/} MASTER_SITES= ${MASTER_SITE_GNU:=wget/}
MASTER_SITES0= ftp://ftp.kame.net/pub/kame/misc/ MASTER_SITES0= ftp://ftp.kame.net/pub/kame/misc/
@ -34,6 +34,8 @@ CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
post-patch: post-patch:
@cd ${WRKSRC}; touch configure @cd ${WRKSRC}; touch configure
pre-build:
@mv -f ${WRKSRC}/doc/wget.texi ${WRKSRC}/doc/wget.texi.bak @mv -f ${WRKSRC}/doc/wget.texi ${WRKSRC}/doc/wget.texi.bak
@sed -e s#/usr/local/etc#${SYSCONFDIR}#g \ @sed -e s#/usr/local/etc#${SYSCONFDIR}#g \
-e s#/usr/local#${PREFIX}#g \ -e s#/usr/local#${PREFIX}#g \

21
net/wget/patches/patch-src_fnmatch_c Normal file
View File

@ -0,0 +1,21 @@
$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
--- src/fnmatch.c.orig Tue Dec 10 13:06:09 2002
+++ src/fnmatch.c Tue Dec 10 13:07:23 2002
@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
return (FNM_NOMATCH);
}
+/* Return non-zero if S has a leading '/' or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+ if (*s == '/')
+ return 1;
+ if (strstr(s, "../") != 0)
+ return 1;
+ return 0;
+}
+
/* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
`]'). */
int

40
net/wget/patches/patch-src_ftp_c Normal file
View File

@ -0,0 +1,40 @@
$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
--- src/ftp.c.orig Tue Dec 10 13:08:00 2002
+++ src/ftp.c Tue Dec 10 13:16:22 2002
@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
{
struct fileinfo *orig, *start;
uerr_t res;
+ struct fileinfo *f;
con->cmd |= LEAVE_PENDING;
@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
opt.accepts and opt.rejects. */
if (opt.accepts || opt.rejects)
{
- struct fileinfo *f = orig;
-
+ f = orig;
while (f)
{
if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
f = f->next;
}
}
+ /* Remove all files with possible harmful names */
+ f = orig;
+ while (f)
+ {
+ if (has_invalid_name(f->name))
+ {
+ logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+ f = delelement (f, &start);
+ }
+ else
+ f = f->next;
+ }
/* Now weed out the files that do not match our globbing pattern.
If we are dealing with a globbing pattern, that is. */
if (*u->file && (action == GLOBALL || action == GETONE))