>Synopsis: ftp(1) fails when HTTP redirected to a relative URI containing
>the string "://"
>Category: user
>Environment:
System : OpenBSD 5.9
Details : OpenBSD 5.9-beta (GENERIC.MP) #1782: Sun Dec 27 10:13:53
MST 2015
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
When ftp(1) receives a HTTP redirect to a relative URI which happens to
contain the string "://", following the redirect fails.
>How-To-Repeat:
% ftp "http://web.archive.org/web/http://www.openbsd.org/index.html";
Trying 207.241.226.190...
Requesting http://web.archive.org/web/http://www.openbsd.org/index.html
Redirected to /web/20151128143317/http://www.openbsd.org/index.html
ftp: url_get: Invalid URL
'/web/20151128143317/http://www.openbsd.org/index.html'
>Fix:
Patch attached.
--
Lauri Tirkkonen | lotheac @ IRCnet
Index: usr.bin/ftp/fetch.c
===================================================================
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.143
diff -u -p -r1.143 fetch.c
--- usr.bin/ftp/fetch.c 13 Oct 2015 08:53:43 -0000 1.143
+++ usr.bin/ftp/fetch.c 30 Dec 2015 09:23:39 -0000
@@ -833,7 +833,9 @@ again:
} else if (isredirect &&
strncasecmp(cp, LOCATION, sizeof(LOCATION) - 1) == 0) {
cp += sizeof(LOCATION) - 1;
- if (strstr(cp, "://") == NULL) {
+ /* If there is a colon before the first slash, this URI
+ * is not relative */
+ if (cp[strcspn(cp, ":/")] != ':') {
#ifdef SMALL
errx(1, "Relative redirect not supported");
#else /* SMALL */
