Mercurial > gftp.yaz

changeset 666:8ff1c1647b95

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2005-1-18 Brian Masney <masneyb@gftp.org> * lib/protocols.c (gftp_get_next_file) - if the remote server sends a path with the filename, then strip the path off of the filename. If the path didn't match the current directory, then give the user a warning. A malicious server could change the path of the downloaded by adding /../ to the path
author masneyb
date Wed, 19 Jan 2005 01:56:48 +0000
parents ee326bacf8aa
children 6b6fbcf76d00
files ChangeLog lib/protocols.c
diffstat 2 files changed, 29 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Jan 17 20:58:21 2005 +0000
+++ b/ChangeLog	Wed Jan 19 01:56:48 2005 +0000
@@ -1,3 +1,10 @@
+2005-1-18 Brian Masney <masneyb@gftp.org>
+	* lib/protocols.c (gftp_get_next_file) - if the remote server sends a
+	path with the filename, then strip the path off of the filename. If the
+	path didn't match the current directory, then give the user a warning.
+	A malicious server could change the path of the downloaded by adding
+	/../ to the path
+
 2005-1-16 Brian Masney <masneyb@gftp.org>
 	* configure.in lib/Makefile.am src/gtk/Makefile.am src/text/Makefile.am
 	lib/fsp.c - added FSP to the build system
@@ -3224,7 +3231,7 @@
 
 	* cvsclean - added this script
 
-	* *.[ch] - added $Id: ChangeLog,v 1.393 2005/01/16 16:15:04 masneyb Exp $ tags
+	* *.[ch] - added $Id: ChangeLog,v 1.394 2005/01/19 01:56:48 masneyb Exp $ tags
 
 	* debian/* - updated files from Debian maintainer
 
--- a/lib/protocols.c	Mon Jan 17 20:58:21 2005 +0000
+++ b/lib/protocols.c	Wed Jan 19 01:56:48 2005 +0000
@@ -595,6 +595,7 @@
 gftp_get_next_file (gftp_request * request, const char *filespec,
                     gftp_file * fle)
 {
+  char *slashpos, *newfile;
   int fd, ret;
 
   g_return_val_if_fail (request != NULL, GFTP_EFATAL);
@@ -612,6 +613,26 @@
     {
       gftp_file_destroy (fle, 0);
       ret = request->get_next_file (request, fle, fd);
+      if (fle->file != NULL && (slashpos = strrchr (fle->file, '/')) != NULL)
+        {
+          if (*(slashpos + 1) == '\0')
+            {
+              gftp_file_destroy (fle, 0);
+              continue;
+            }
+
+          *slashpos = '\0';
+          newfile = g_strdup (slashpos + 1);
+
+          if (strcmp (fle->file, request->directory) != 0)
+            request->logging_function (gftp_logging_error, request,
+                                       _("Warning: Stripping path off of file '%s'. The stripped path (%s) doesn't match the current directory (%s)\n"),
+                                       newfile, fle->file, request->directory,
+                                       g_strerror (errno));
+          
+          g_free (fle->file);
+          fle->file = newfile;
+        }
 
       if (ret >= 0 && fle->file != NULL)
         fle->utf8_file = gftp_string_to_utf8 (request, fle->file);