comparison lib/protocols.c @ 666:8ff1c1647b95
2005-1-18 Brian Masney <masneyb@gftp.org>
* lib/protocols.c (gftp_get_next_file) - if the remote server sends a
path with the filename, then strip the path off of the filename. If the
path didn't match the current directory, then give the user a warning.
A malicious server could change the path of the downloaded file by adding
/../ to the path
author | masneyb |
---|---|
date | Wed, 19 Jan 2005 01:56:48 +0000 |
parents | cd38f25b7c5e |
children | 72a6de68d9c8 |
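--- a/lib/protocols.c
+++ b/lib/protocols.c
@@ -593,10 +593,11 @@
 
 int
 gftp_get_next_file (gftp_request * request, const char *filespec,
 gftp_file * fle)
 {
+char *slashpos, *newfile;
 int fd, ret;
 
 g_return_val_if_fail (request != NULL, GFTP_EFATAL);
 
 if (request->get_next_file == NULL)
@@ -610,10 +611,30 @@
 memset (fle, 0, sizeof (*fle));
 do
 {
 gftp_file_destroy (fle, 0);
 ret = request->get_next_file (request, fle, fd);
+if (fle->file != NULL && (slashpos = strrchr (fle->file, '/')) != NULL)
+{
+if (*(slashpos + 1) == '\0')
+{
+gftp_file_destroy (fle, 0);
+continue;
+}
+
+*slashpos = '\0';
+newfile = g_strdup (slashpos + 1);
+
+if (strcmp (fle->file, request->directory) != 0)
+request->logging_function (gftp_logging_error, request,
+_("Warning: Stripping path off of file '%s'. The stripped path (%s) doesn't match the current directory (%s)\n"),
+newfile, fle->file, request->directory,
+g_strerror (errno));
+
+g_free (fle->file);
+fle->file = newfile;
+}
 
 if (ret >= 0 && fle->file != NULL)
 fle->utf8_file = gftp_string_to_utf8 (request, fle->file);
 
 if (ret >= 0 && !request->cached && request->cachefd > 0 &&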
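Review bot: The stripping logic inserted at new lines 616–635 removes everything up to the last '/', but it never rejects a remaining basename of `.` or `..`, and a name containing no '/' at all is not examined, so `fle->file` can still leave this function as `..`; add `if (strcmp (newfile, ".") == 0 || strcmp (newfile, "..") == 0)` and handle that entry the same way as the trailing-slash case (destroy and continue) before it is assigned to `fle->file`. The logging call at new line 628 passes four arguments to a format string with only three `%s` conversions; the trailing `g_strerror (errno)` is never consumed and errno carries no meaning at that point, so it should be dropped. Note also that `continue` at new line 621 transfers control to the do/while condition, which lies outside this section together with the remainder of the loop body.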