Re: [Bug-wget] [PATCH 03/25] Bugfix: Fix NULL filename and output_stream in Metalink module

[Matthew White]

On Sun, 11 Sep 2016 21:59:12 +0200
Giuseppe Scrivano  wrote:

> Matthew White  writes:
> 
> > +  */
> > +  if (!output_stream && (output_stream = fopen (filename, 
> > "rb")))
> > +{
> > +  fclose (output_stream);
> > +  output_stream = fopen (filename, "ab");
> > +}
> 
> please use file_exists_p instead of opening and closing the file:
> 
> if (!output_stream && file_exists_p (output_stream))
>output_stream = fopen (filename, "ab");

Thanks Giuseppe.

Amended with 'if (!output_stream && file_exists_p (filename))'.

Posting after final decisions are taken about open topics in this series of 
patches.

> 
> Giuseppe

Regards,
Matthew

-- 
Matthew White 


pgpQEaQaRyApj.pgp
Description: PGP signature

Re: [Bug-wget] [PATCH 03/25] Bugfix: Fix NULL filename and output_stream in Metalink module

[Giuseppe Scrivano]

Matthew White  writes:

> +  */
> +  if (!output_stream && (output_stream = fopen (filename, "rb")))
> +{
> +  fclose (output_stream);
> +  output_stream = fopen (filename, "ab");
> +}

please use file_exists_p instead of opening and closing the file:

if (!output_stream && file_exists_p (output_stream))
   output_stream = fopen (filename, "ab");

Giuseppe

[Bug-wget] [PATCH 03/25] Bugfix: Fix NULL filename and output_stream in Metalink module

[Matthew White]

[Coverity Scan is ok, make syntax-check is ok, make check-valgrind is ok, 
contrib/check-hard is ok]

This fixes some problems leading to a possible segmentation fault, and conforms 
to the RFC5854 standard.

The following description is verbatim from the patch:
-
If unique_create() cannot create/open the destination file, filename
and output_stream remain NULL. If fopen() is used instead, filename
always remains NULL. Both functions cannot create "path/file" trees.

Setting filename to the right value is sufficient to prevent SIGSEGV
generating from testing a NULL value. This also allows retrieve_url()
to create a "path/file" tree through opt.output_document.

Reading NULL as output_stream, when it shall not be, leads to wrong
results. For instance, a non-NULL output_stream tells when a stream
was interrupted, reading NULL instead means to assume the contrary.
-

Regards,
Matthew

-- 
Matthew White 
>From e3e69bc551a0f3794f8da3fdb421c2868d6e8326 Mon Sep 17 00:00:00 2001
From: Matthew White 
Date: Thu, 28 Jul 2016 17:10:46 +0200
Subject: [PATCH 03/25] Bugfix: Fix NULL filename and output_stream in Metalink
 module

* src/metalink.c (retrieve_from_metalink): Fix NULL filename, set
  filename to the right "path/file" value
* src/metalink.c (retrieve_from_metalink): Fix NULL output_stream, set
  output_stream to filename when it is created by retrieve_url()
* src/metalink.c (retrieve_from_metalink): Add RFC5854 comments about
  proper metalink:file "path/file" name format handling
* doc/metalink.txt: Update document. Remove resolved bugs

If unique_create() cannot create/open the destination file, filename
and output_stream remain NULL. If fopen() is used instead, filename
always remains NULL. Both functions cannot create "path/file" trees.

Setting filename to the right value is sufficient to prevent SIGSEGV
generating from testing a NULL value. This also allows retrieve_url()
to create a "path/file" tree through opt.output_document.

Reading NULL as output_stream, when it shall not be, leads to wrong
results. For instance, a non-NULL output_stream tells when a stream
was interrupted, reading NULL instead means to assume the contrary.

This patch conforms to the RFC5854 specification:
  The Metalink Download Description Format
  4.1.2.1.  The "name" Attribute
  https://tools.ietf.org/html/rfc5854#section-4.1.2.1
---
 doc/metalink.txt | 139 ++-
 src/metalink.c   |  33 -
 2 files changed, 117 insertions(+), 55 deletions(-)

diff --git a/doc/metalink.txt b/doc/metalink.txt
index 31734a3..0f3706a 100644
--- a/doc/metalink.txt
+++ b/doc/metalink.txt
@@ -1,24 +1,26 @@
-GNU Wget Metalink module (--input-metalink)
+GNU Wget Metalink module
 
-  Evaluation of "Directory Options" on the command line
+  Evaluation of the Metalink/XML and Metalink/HTTP implementations
 
 
 1. Introduction
 ***
 
 This document, and the results contained in it, is focused over the
-testing of the metalink:file "path/file" name format.
+evaluation of the Metalink/XML and Metalink/HTTP implementations.
 
 The "Directory Options" mentioned here are used on the command line in
-conjunction with the option '--input-metalink=file':
+conjunction with the option '--input-metalink=file' for Metalink/XML,
+and '--metalink-over-http' for Metalink/HTTP.
 
-$ wget --input-metalink=file 
+$ wget --input-metalink= [directory options]
+$ wget --metalink-over-http [directory options] 
 
 2. Notes
 
 
-Tests containing a metalink:file "/path/file", "./path/file", or
-"../path/file" name shall be run manually due to security concerns.
+Tests for metalink:file names beginning with '/', '~/', './', or '../'
+(e.g. "/path/file") shall be run manually due to security concerns.
 
 3. Metalink files used as reference
 ***
@@ -47,17 +49,30 @@ EOF
 4.1 Implemented safety features
 ===
 
-Do not follow relative or absolute paths: "/path/file", "./path/file",
-and "../path/file" as metalink:file name formats are all ignored (wget
-refuses to start). The options --trust-server-names changes nothing.
+Any metalink:file name containing an absolute, relative, or home path
+(see '2. Notes') parsed from Metalink/XML files is rejected.
 
-4.2 Actual behaviour
-
+This is a libmetalink's design decision implemented in the function
+metalink_check_safe_path().  This feature shall not be modified.
 
-Given a metalink:file "path/file" name, if "path" exists, download
-"path/file", then compute its checksum. If "path" doesn't exist,
-download the url's file in the working directory; then the checksum
-fails: cannot find "path/file".
+All the above conform to the RFC5854 standard.
+
+References:
+ https://tools.ietf.org/html/rfc5854#section-4.1.2.1
+ https://tools.ietf.org/html/rfc5854#section-4.2.8.3
+
+4.2 File download behaviour
+===
+
+When a Metalink/XML file is parsed:
+1. create t