bin/127280: [patch] fetch/libfetch RFC 1738 %2F escaped slash
handling
Matt Koivisto
mkoivisto at sandvine.com
Wed Sep 10 21:00:09 UTC 2008
>Number: 127280
>Category: bin
>Synopsis: [patch] fetch/libfetch RFC 1738 %2F escaped slash handling
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 10 21:00:09 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matt Koivisto
>Release: RELENG_6_3
>Organization:
Sandvine
>Environment:
>Description:
RFC 1738 specifies:
> ...the URL <URL:ftp://myname@host.dom/%2Fetc/motd> is interpreted by FTP-ing to
> "host.dom", logging in as "myname" (prompting for a password if it is asked
> for), and then executing "CWD /etc" and then "RETR motd". This has a different
> meaning from <URL:ftp://myname@host.dom/etc/motd> which would "CWD etc" and
> then "RETR motd"; the initial "CWD" might be executed relative to the default
> directory for "myname".
As a first step to fixing bin/83277, enable handling of "%2F" escaped slash in fetch and libfetch.
This patch is agaist HEAD.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- src/usr.bin/fetch/fetch.c
+++ src/usr.bin/fetch/fetch.c.new
@@ -724,11 +724,11 @@
main(int argc, char *argv[])
{
struct stat sb;
struct sigaction sa;
const char *p, *s;
- char *end, *q;
+ char *end, *q, *esc;
int c, e, r;
while ((c = getopt(argc, argv,
"146AaB:bc:dFf:Hh:lMmN:nPpo:qRrS:sT:tUvw:")) != -1)
switch (c) {
@@ -936,10 +936,18 @@
p++;
if (!*p)
p = "fetch.out";
+ /*
+ * Handle any escaped slashes in path when determining local
+ * filename. fetchParseURL handles any escaped slashes in the
+ * URL
+ */
+ while ((esc = strcasestr(p, "%2F")) != NULL)
+ p = &esc[3];
+
fetchLastErrCode = 0;
if (o_flag) {
if (o_stdout) {
e = fetch(*argv, "-");
--- src/lib/libfetch/fetch.c
+++ src/lib/libfetch/fetch.c.new
@@ -302,11 +302,11 @@
* This almost, but not quite, RFC1738 URL syntax.
*/
struct url *
fetchParseURL(const char *URL)
{
- char *doc;
+ char *doc, *esc;
const char *p, *q;
struct url *u;
int i;
/* allocate struct url */
@@ -408,10 +408,18 @@
} else if ((u->doc = strdup(p)) == NULL) {
fetch_syserr();
goto ouch;
}
+ while (strcasecmp(u->scheme, SCHEME_FTP) == 0 &&
+ ((esc = strcasestr(u->doc, "%2F")) != NULL)) {
+
+ esc[0] = '/';
+ esc[1] = '\0';
+ strcat(u->doc,&esc[3]);
+ }
+
DEBUG(fprintf(stderr,
"scheme: [%s]\n"
"user: [%s]\n"
"password: [%s]\n"
"host: [%s]\n"
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list