b736114294
By default, on server redirects, use the original URL to get the local file name. ok naddy@ additional testing by kevlo@, thanks.
19 lines
682 B
Plaintext
19 lines
682 B
Plaintext
$OpenBSD: patch-src_retr_c,v 1.1 2010/09/13 16:48:11 jasper Exp $
|
|
|
|
By default, on server redirects, use the original URL to get the
|
|
local file name. Fixes CVE-2010-2252.
|
|
Diff from upstream.
|
|
|
|
--- src/retr.c.orig Fri Sep 4 18:31:54 2009
|
|
+++ src/retr.c Mon Sep 13 10:13:32 2010
|
|
@@ -689,7 +689,8 @@ retrieve_url (struct url * orig_parsed, const char *or
|
|
#endif
|
|
|| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
|
|
{
|
|
- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
|
|
+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
|
|
+ proxy_url, iri);
|
|
}
|
|
else if (u->scheme == SCHEME_FTP)
|
|
{
|