CVS commit: [netbsd-7] src/usr.bin/ftp

2017-03-17 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sat Mar 18 05:02:28 UTC 2017

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c

Log Message:
Pull up following revision(s) (requested by nonaka in ticket #1353):
usr.bin/ftp/fetch.c: revision 1.227
Use the first name we requested the http/https URL for, not any name we ended
up with after random redirects.


To generate a diff of this commit:
cvs rdiff -u -r1.205.4.6 -r1.205.4.7 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.6 src/usr.bin/ftp/fetch.c:1.205.4.7
--- src/usr.bin/ftp/fetch.c:1.205.4.6	Sun Dec 18 08:03:09 2016
+++ src/usr.bin/ftp/fetch.c	Sat Mar 18 05:02:28 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205.4.6 2016/12/18 08:03:09 snj Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.7 2017/03/18 05:02:28 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.6 2016/12/18 08:03:09 snj Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.7 2017/03/18 05:02:28 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -1368,6 +1368,12 @@ fetch_url(const char *url, const char *p
 			savefile = ftp_strdup(cp + 1);
 		else
 			savefile = ftp_strdup(decodedpath);
+		/*
+		 * Use the first URL we requested not the name after a
+		 * possible redirect, but careful to save it because our
+		 * "safety" check is the match to outfile.
+		 */
+		outfile = ftp_strdup(savefile);
 	}
 	DPRINTF("%s: savefile `%s'\n", __func__, savefile);
 	if (EMPTYSTRING(savefile)) {



CVS commit: [netbsd-7] src/usr.bin/ftp

2016-12-18 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Dec 18 08:03:09 UTC 2016

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c

Log Message:
Pull up following revision(s) (requested by nonaka in ticket #1331):
usr.bin/ftp/fetch.c: revision 1.226
handle proxy authentication correctly.


To generate a diff of this commit:
cvs rdiff -u -r1.205.4.5 -r1.205.4.6 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.5 src/usr.bin/ftp/fetch.c:1.205.4.6
--- src/usr.bin/ftp/fetch.c:1.205.4.5	Tue Nov  1 19:30:44 2016
+++ src/usr.bin/ftp/fetch.c	Sun Dec 18 08:03:09 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205.4.5 2016/11/01 19:30:44 snj Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.6 2016/12/18 08:03:09 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.5 2016/11/01 19:30:44 snj Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.6 2016/12/18 08:03:09 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -855,8 +855,7 @@ print_connect(FETCH *fin, const struct u
 #define C_OK 0
 #define C_CLEANUP 1
 #define C_IMPROPER 2
-#define C_PROXY 3
-#define C_NOPROXY 4
+#define C_RESTART 3
 
 static int
 getresponseline(FETCH *fin, char *buf, size_t buflen, int *len)
@@ -1086,7 +1085,7 @@ negotiate_connection(FETCH *fin, const c
 	case 401:
 	case 407:
 	{
-		struct  authinfo aauth;
+		struct authinfo aauth;
 		char **authp;
 
 		if (hcode == 401)
@@ -1121,7 +1120,8 @@ negotiate_connection(FETCH *fin, const c
 		authp = &aauth.auth;
 		if (auth_url(*auth, authp, &aauth) == 0) {
 			*rval = fetch_url(url, penv,
-			pauth->auth, wauth->auth);
+			hcode == 401 ? pauth->auth : aauth.auth,
+			hcode == 401 ? aauth.auth : wauth->auth);
 			memset(*authp, 0, strlen(*authp));
 			FREEPTR(*authp);
 		}
@@ -1216,6 +1216,34 @@ connectmethod(int s, FETCH *fin, struct 
 	switch (hcode) {
 	case 200:
 		break;
+#ifndef NO_AUTH
+	case 407:
+		if (verbose || pauth->auth == NULL ||
+		pauth->user == NULL || pauth->pass == NULL)
+			fprintf(ttyout, "%s\n", message);
+		if (EMPTYSTRING(*auth)) {
+			warnx("No authentication challenge provided by server");
+			goto cleanup_fetch_url;
+		}
+
+		if (pauth->auth != NULL) {
+			char reply[10];
+
+			fprintf(ttyout, "Authorization failed. Retry (y/n)? ");
+			if (get_line(stdin, reply, sizeof(reply), NULL)
+			< 0) {
+goto cleanup_fetch_url;
+			}
+			if (tolower((unsigned char)reply[0]) != 'y')
+goto cleanup_fetch_url;
+			pauth->user = NULL;
+			pauth->pass = NULL;
+		}
+
+		if (auth_url(*auth, &pauth->auth, pauth) == 0)
+			goto restart_fetch_url;
+		goto cleanup_fetch_url;
+#endif
 	default:
 		if (message)
 			warnx("Error proxy connect " "`%s'", message);
@@ -1236,6 +1264,9 @@ improper:
 cleanup_fetch_url:
 	rv = C_CLEANUP;
 	goto out;
+restart_fetch_url:
+	rv = C_RESTART;
+	goto out;
 out:
 	FREEPTR(message);
 	return rv;
@@ -1444,6 +1475,10 @@ fetch_url(const char *url, const char *p
 		if (isproxy && oui.utype == HTTPS_URL_T) {
 			switch (connectmethod(s, fin, &oui, &ui, &pauth, &auth,
 			&hasleading)) {
+			case C_RESTART:
+rval = fetch_url(url, penv, pauth.auth,
+wauth.auth);
+/*FALLTHROUGH*/
 			case C_CLEANUP:
 goto cleanup_fetch_url;
 			case C_IMPROPER:



CVS commit: [netbsd-7] src/usr.bin/ftp

2016-11-01 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Nov  1 19:30:44 UTC 2016

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1265):
usr.bin/ftp/fetch.c: revision 1.225
PR/51558: ast@: ftp dumps core after usage message when IPv6 URL lacks a slash.
Initialize variable so that we don't get random behavior on cleanup.


To generate a diff of this commit:
cvs rdiff -u -r1.205.4.4 -r1.205.4.5 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.4 src/usr.bin/ftp/fetch.c:1.205.4.5
--- src/usr.bin/ftp/fetch.c:1.205.4.4	Fri Apr 29 19:03:44 2016
+++ src/usr.bin/ftp/fetch.c	Tue Nov  1 19:30:44 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205.4.4 2016/04/29 19:03:44 snj Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.5 2016/11/01 19:30:44 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.4 2016/04/29 19:03:44 snj Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.5 2016/11/01 19:30:44 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -1295,6 +1295,7 @@ fetch_url(const char *url, const char *p
 	rval = 1;
 
 	initurlinfo(&ui);
+	initurlinfo(&oui);
 	initauthinfo(&wauth, wwwauth);
 	initauthinfo(&pauth, proxyauth);
 



CVS commit: [netbsd-7] src/usr.bin/ftp

2016-04-29 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Fri Apr 29 19:03:44 UTC 2016

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c

Log Message:
Pull up following revision(s) (requested by nonaka in ticket #1153):
usr.bin/ftp/fetch.c: revision 1.223
PR/51043: Yorick Hardy: ftp(1) should use the port number for CONNECT


To generate a diff of this commit:
cvs rdiff -u -r1.205.4.3 -r1.205.4.4 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.3 src/usr.bin/ftp/fetch.c:1.205.4.4
--- src/usr.bin/ftp/fetch.c:1.205.4.3	Sun Mar 13 11:49:14 2016
+++ src/usr.bin/ftp/fetch.c	Fri Apr 29 19:03:44 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205.4.3 2016/03/13 11:49:14 martin Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.4 2016/04/29 19:03:44 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.3 2016/03/13 11:49:14 martin Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.4 2016/04/29 19:03:44 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -847,8 +847,8 @@ print_connect(FETCH *fin, const struct u
 	} else
 		h = ui->host;
 
-	fetch_printf(fin, "CONNECT %s:%s HTTP/1.1\r\n", h, ui->port);
-	fetch_printf(fin, "Host: %s:%s\r\n", h, ui->port);
+	fetch_printf(fin, "CONNECT %s:%d HTTP/1.1\r\n", h, ui->portnum);
+	fetch_printf(fin, "Host: %s:%d\r\n", h, ui->portnum);
 }
 #endif
 



CVS commit: [netbsd-7] src/usr.bin/ftp

2016-03-13 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Mar 13 11:49:14 UTC 2016

Modified Files:
src/usr.bin/ftp [netbsd-7]: cmds.c fetch.c ftp.c ftp_var.h ssl.c

Log Message:
Pull up following revision(s) (requested by nonakap in ticket #1133):
usr.bin/ftp/fetch.c: revision 1.208-1.221
usr.bin/ftp/cmds.c: revision 1.136-1.137
usr.bin/ftp/ssl.c: revision 1.5
usr.bin/ftp/ftp.c: revision 1.165-1.166
usr.bin/ftp/ftp_var.h: revision 1.84

Workaround const issues of SSL_set_tlsext_host_name.

Use the proper format "[IPv6 address]:port" when reporting connection
attempts to IPv6 endpoints.

(Hopefully) fix build without IPv6 support

Try to factor out some code, this is completely out of control.

Separate no_proxy handling.

Factor the proxy handling code out.

Fix compile failure without WITH_SSL.

PR/50438: NONAKA Kimihiro: ftp(1): CONNECT method support

make DPRINTF/DWARN always statements.

Fix to connect https via proxy.

Fix ttyout message.

Simplify and factor out connect message

Split the position/size parsing into a separate function.

Mark function as only needed with ssl.

Fix downloads of local files using file:// URLs

Initialize the token match pointer.

use sizeof() and array notation.
CID 1354295: Array overrun.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.135.8.1 src/usr.bin/ftp/cmds.c
cvs rdiff -u -r1.205.4.2 -r1.205.4.3 src/usr.bin/ftp/fetch.c
cvs rdiff -u -r1.164 -r1.164.10.1 src/usr.bin/ftp/ftp.c
cvs rdiff -u -r1.82.8.1 -r1.82.8.2 src/usr.bin/ftp/ftp_var.h
cvs rdiff -u -r1.2.14.1 -r1.2.14.2 src/usr.bin/ftp/ssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/cmds.c
diff -u src/usr.bin/ftp/cmds.c:1.135 src/usr.bin/ftp/cmds.c:1.135.8.1
--- src/usr.bin/ftp/cmds.c:1.135	Sat Dec 22 16:57:09 2012
+++ src/usr.bin/ftp/cmds.c	Sun Mar 13 11:49:14 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: cmds.c,v 1.135 2012/12/22 16:57:09 christos Exp $	*/
+/*	$NetBSD: cmds.c,v 1.135.8.1 2016/03/13 11:49:14 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
@@ -96,7 +96,7 @@
 #if 0
 static char sccsid[] = "@(#)cmds.c	8.6 (Berkeley) 10/9/94";
 #else
-__RCSID("$NetBSD: cmds.c,v 1.135 2012/12/22 16:57:09 christos Exp $");
+__RCSID("$NetBSD: cmds.c,v 1.135.8.1 2016/03/13 11:49:14 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -1967,15 +1967,15 @@ dotrans(char *dst, size_t dlen, const ch
 	char *cp2 = dst;
 	size_t i, ostop;
 
-	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
+	for (ostop = 0; ntout[ostop] && ostop < sizeof(ntout); ostop++)
 		continue;
 	for (cp1 = src; *cp1; cp1++) {
 		int found = 0;
-		for (i = 0; *(ntin + i) && i < 16; i++) {
-			if (*cp1 == *(ntin + i)) {
+		for (i = 0; i < sizeof(ntin) && ntin[i]; i++) {
+			if (*cp1 == ntin[i]) {
 found++;
 if (i < ostop) {
-	*cp2++ = *(ntout + i);
+	*cp2++ = ntout[i];
 	if (cp2 - dst >= (ptrdiff_t)(dlen - 1))
 		goto out;
 }

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.2 src/usr.bin/ftp/fetch.c:1.205.4.3
--- src/usr.bin/ftp/fetch.c:1.205.4.2	Thu Nov  5 05:26:38 2015
+++ src/usr.bin/ftp/fetch.c	Sun Mar 13 11:49:14 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205.4.2 2015/11/05 05:26:38 riz Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.3 2016/03/13 11:49:14 martin Exp $	*/
 
 /*-
  * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.2 2015/11/05 05:26:38 riz Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.3 2016/03/13 11:49:14 martin Exp $");
 #endif /* not lint */
 
 /*
@@ -74,27 +74,47 @@ __RCSID("$NetBSD: fetch.c,v 1.205.4.2 20
 typedef enum {
 	UNKNOWN_URL_T=-1,
 	HTTP_URL_T,
-#ifdef WITH_SSL
 	HTTPS_URL_T,
-#endif
 	FTP_URL_T,
 	FILE_URL_T,
 	CLASSIC_URL_T
 } url_t;
 
+struct authinfo {
+	char *auth;
+	char *user;
+	char *pass;
+};
+
+struct urlinfo {
+	char *host;
+	char *port;
+	char *path;
+	url_t utype;
+	in_port_t portnum;
+};
+
+struct posinfo {
+	off_t rangestart;
+	off_t rangeend;
+	off_t entitylen;
+};
+
 __dead static void	aborthttp(int);
 __dead static void	timeouthttp(int);
 #ifndef NO_AUTH
-static int	auth_url(const char *, char **, const char *, const char *);
+static int	auth_url(const char *, char **, const struct authinfo *);
 static void	base64_encode(const unsigned char *, size_t, unsigned char *);
 #endif
 static int	go_fetch(const char *);
 static int	fetch_ftp(const char *);
 static int	fetch_url(const char *, const char *, char *, char *);
 static const char *match_token(const char **, const char *);
-static int	parse_url(const char *, const char *, url_t *, char **,
-			char **, char **, char **, in_port_t *, char **);
+static int	parse_url(const char *, const char *, struct urlinfo *,
+struct authinfo *);
 static void	url_decode(char *);
+static void	freeauthinfo(struct authinfo *);
+sta

CVS commit: [netbsd-7] src/usr.bin/ftp

2015-11-04 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Thu Nov  5 05:26:38 UTC 2015

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c ftp.1 main.c ssl.c ssl.h version.h

Log Message:
Pull up following revision(s) (requested by wiz in ticket #981):
usr.bin/ftp/ftp.1: revision 1.135
usr.bin/ftp/ssl.c: revision 1.3
usr.bin/ftp/ssl.c: revision 1.4
usr.bin/ftp/ssl.h: revision 1.3
usr.bin/ftp/version.h: revision 1.86
usr.bin/ftp/version.h: revision 1.87
usr.bin/ftp/fetch.c: revision 1.207
usr.bin/ftp/main.c: revision 1.123
Add  -x xferbufsize  to set xferbuf size.
Implement  -x xferbufsize  set the socket send and receive buffer size,
as per 'xferbuf' in interactive mode.
Patch from Nicholas Mills (via private mail), with minor adjustment by me.
Add Server Name Indication (SNI) support for https.
Needed for e.g. some github URLs.
Bump version for SNI support.
servername cannot be NULL here.
Noted by joerg@.


To generate a diff of this commit:
cvs rdiff -u -r1.205.4.1 -r1.205.4.2 src/usr.bin/ftp/fetch.c
cvs rdiff -u -r1.134 -r1.134.8.1 src/usr.bin/ftp/ftp.1
cvs rdiff -u -r1.122 -r1.122.8.1 src/usr.bin/ftp/main.c
cvs rdiff -u -r1.2 -r1.2.14.1 src/usr.bin/ftp/ssl.c
cvs rdiff -u -r1.2 -r1.2.4.1 src/usr.bin/ftp/ssl.h
cvs rdiff -u -r1.84.6.1 -r1.84.6.2 src/usr.bin/ftp/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205.4.1 src/usr.bin/ftp/fetch.c:1.205.4.2
--- src/usr.bin/ftp/fetch.c:1.205.4.1	Sun Oct 26 16:47:12 2014
+++ src/usr.bin/ftp/fetch.c	Thu Nov  5 05:26:38 2015
@@ -1,7 +1,7 @@
-/*	$NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.2 2015/11/05 05:26:38 riz Exp $	*/
 
 /*-
- * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1997-2015 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -10,6 +10,9 @@
  * This code is derived from software contributed to The NetBSD Foundation
  * by Scott Aaron Bamford.
  *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thomas Klausner.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,7 +37,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.2 2015/11/05 05:26:38 riz Exp $");
 #endif /* not lint */
 
 /*
@@ -782,7 +785,7 @@ fetch_url(const char *url, const char *p
 
 #ifdef WITH_SSL
 			if (urltype == HTTPS_URL_T) {
-if ((ssl = fetch_start_ssl(s)) == NULL) {
+if ((ssl = fetch_start_ssl(s, host)) == NULL) {
 	close(s);
 	s = -1;
 	continue;

Index: src/usr.bin/ftp/ftp.1
diff -u src/usr.bin/ftp/ftp.1:1.134 src/usr.bin/ftp/ftp.1:1.134.8.1
--- src/usr.bin/ftp/ftp.1:1.134	Sat Dec 22 16:57:10 2012
+++ src/usr.bin/ftp/ftp.1	Thu Nov  5 05:26:38 2015
@@ -1,6 +1,6 @@
-.\" 	$NetBSD: ftp.1,v 1.134 2012/12/22 16:57:10 christos Exp $
+.\" 	$NetBSD: ftp.1,v 1.134.8.1 2015/11/05 05:26:38 riz Exp $
 .\"
-.\" Copyright (c) 1996-2010 The NetBSD Foundation, Inc.
+.\" Copyright (c) 1996-2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
@@ -57,7 +57,7 @@
 .\"
 .\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
 .\"
-.Dd December 22, 2012
+.Dd April 24, 2015
 .Dt FTP 1
 .Os
 .Sh NAME
@@ -84,6 +84,7 @@
 .Xc
 .Oc
 .Ek
+.Op Fl x Ar xferbufsize
 .Bk -words
 .\" [[user@]host [port]]
 .Oo
@@ -311,6 +312,12 @@ Forces
 .Nm
 to show all responses from the remote server, as well
 as report on data transfer statistics.
+.It Fl x Ar xferbufsize
+Set the size of the socket send and receive buffers to
+.Ar xferbufsize .
+Refer to
+.Ic xferbuf
+for more information.
 .El
 .Pp
 The client host with which

Index: src/usr.bin/ftp/main.c
diff -u src/usr.bin/ftp/main.c:1.122 src/usr.bin/ftp/main.c:1.122.8.1
--- src/usr.bin/ftp/main.c:1.122	Sat Dec 22 16:57:10 2012
+++ src/usr.bin/ftp/main.c	Thu Nov  5 05:26:38 2015
@@ -1,7 +1,7 @@
-/*	$NetBSD: main.c,v 1.122 2012/12/22 16:57:10 christos Exp $	*/
+/*	$NetBSD: main.c,v 1.122.8.1 2015/11/05 05:26:38 riz Exp $	*/
 
 /*-
- * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
+ * Copyright (c) 1996-2015 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -91,14 +91,14 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1985, 1989, 1993, 1994\
  The Regents of the University of California.  All rights reserved.\
-  Copyright 1996-2008 The NetBSD Foundation, Inc.  All rights reserved");
+  Copyright 1996-2015 The NetBSD Foundation, Inc.  All rights reserved");
 #endif /* not lint */
 

CVS commit: [netbsd-7] src/usr.bin/ftp

2015-04-13 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Apr 14 05:10:38 UTC 2015

Modified Files:
src/usr.bin/ftp [netbsd-7]: ftp_var.h

Log Message:
Pull up following revision(s) (requested by christos in ticket #685):
usr.bin/ftp/ftp_var.h: revision 1.83
Increase the buffer limit; otherwise files in:
http://www.taxdetective.ca/Samples/sampledatafiles.html
fail.


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.82.8.1 src/usr.bin/ftp/ftp_var.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/ftp_var.h
diff -u src/usr.bin/ftp/ftp_var.h:1.82 src/usr.bin/ftp/ftp_var.h:1.82.8.1
--- src/usr.bin/ftp/ftp_var.h:1.82	Fri Dec 21 18:07:36 2012
+++ src/usr.bin/ftp/ftp_var.h	Tue Apr 14 05:10:38 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ftp_var.h,v 1.82 2012/12/21 18:07:36 christos Exp $	*/
+/*	$NetBSD: ftp_var.h,v 1.82.8.1 2015/04/14 05:10:38 snj Exp $	*/
 
 /*-
  * Copyright (c) 1996-2009 The NetBSD Foundation, Inc.
@@ -169,7 +169,7 @@ enum {
 /*
  * Global defines
  */
-#define	FTPBUFLEN	MAXPATHLEN + 200
+#define	FTPBUFLEN	(4 * MAXPATHLEN)
 #define	MAX_IN_PORT_T	0xU
 
 #define	HASHBYTES	1024	/* default mark for `hash' command */



CVS commit: [netbsd-7] src/usr.bin/ftp

2014-10-31 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Oct 31 08:30:06 UTC 2014

Modified Files:
src/usr.bin/ftp [netbsd-7]: version.h

Log Message:
Pull up following revision(s) (requested by lukem in ticket #172):
usr.bin/ftp/version.h: revision 1.85
Version 20141026
Ignore special characters unless they're from the command line.
Fixes CVE-2014-8517


To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.84.6.1 src/usr.bin/ftp/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/version.h
diff -u src/usr.bin/ftp/version.h:1.84 src/usr.bin/ftp/version.h:1.84.6.1
--- src/usr.bin/ftp/version.h:1.84	Sun May  5 10:40:19 2013
+++ src/usr.bin/ftp/version.h	Fri Oct 31 08:30:06 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.84 2013/05/05 10:40:19 lukem Exp $	*/
+/*	$NetBSD: version.h,v 1.84.6.1 2014/10/31 08:30:06 martin Exp $	*/
 
 /*-
  * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -34,5 +34,5 @@
 #endif
 
 #ifndef FTP_VERSION
-#define	FTP_VERSION	"20130220"
+#define	FTP_VERSION	"20141026"
 #endif



CVS commit: [netbsd-7] src/usr.bin/ftp

2014-10-26 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Sun Oct 26 16:47:12 UTC 2014

Modified Files:
src/usr.bin/ftp [netbsd-7]: fetch.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #158):
usr.bin/ftp/fetch.c: revision 1.206
don't pay attention to special characters if they don't come from the command
line (from jmcneill)


To generate a diff of this commit:
cvs rdiff -u -r1.205 -r1.205.4.1 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.205 src/usr.bin/ftp/fetch.c:1.205.4.1
--- src/usr.bin/ftp/fetch.c:1.205	Thu Nov  7 02:06:51 2013
+++ src/usr.bin/ftp/fetch.c	Sun Oct 26 16:47:12 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.205 2013/11/07 02:06:51 christos Exp $	*/
+/*	$NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $	*/
 
 /*-
  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205 2013/11/07 02:06:51 christos Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $");
 #endif /* not lint */
 
 /*
@@ -571,7 +571,7 @@ fetch_url(const char *url, const char *p
 	url_decode(decodedpath);
 
 	if (outfile)
-		savefile = ftp_strdup(outfile);
+		savefile = outfile;
 	else {
 		cp = strrchr(decodedpath, '/');		/* find savefile */
 		if (cp != NULL)
@@ -595,8 +595,7 @@ fetch_url(const char *url, const char *p
 	rangestart = rangeend = entitylen = -1;
 	mtime = -1;
 	if (restartautofetch) {
-		if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
-		stat(savefile, &sb) == 0)
+		if (stat(savefile, &sb) == 0)
 			restart_point = sb.st_size;
 	}
 	if (urltype == FILE_URL_T) {		/* file:// URLs */
@@ -1150,18 +1149,26 @@ fetch_url(const char *url, const char *p
 		}
 	}		/* end of ftp:// or http:// specific setup */
 
-			/* Open the output file. */
-	if (strcmp(savefile, "-") == 0) {
-		fout = stdout;
-	} else if (*savefile == '|') {
-		oldpipe = xsignal(SIGPIPE, SIG_IGN);
-		fout = popen(savefile + 1, "w");
-		if (fout == NULL) {
-			warn("Can't execute `%s'", savefile + 1);
-			goto cleanup_fetch_url;
+	/* Open the output file. */
+
+	/*
+	 * Only trust filenames with special meaning if they came from
+	 * the command line
+	 */
+	if (outfile == savefile) {
+		if (strcmp(savefile, "-") == 0) {
+			fout = stdout;
+		} else if (*savefile == '|') {
+			oldpipe = xsignal(SIGPIPE, SIG_IGN);
+			fout = popen(savefile + 1, "w");
+			if (fout == NULL) {
+warn("Can't execute `%s'", savefile + 1);
+goto cleanup_fetch_url;
+			}
+			closefunc = pclose;
 		}
-		closefunc = pclose;
-	} else {
+	}
+	if (fout == NULL) {
 		if ((rangeend != -1 && rangeend <= restart_point) ||
 		(rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
 			/* already done */
@@ -1379,7 +1386,8 @@ fetch_url(const char *url, const char *p
 		(*closefunc)(fout);
 	if (res0)
 		freeaddrinfo(res0);
-	FREEPTR(savefile);
+	if (savefile != outfile)
+		FREEPTR(savefile);
 	FREEPTR(uuser);
 	if (pass != NULL)
 		memset(pass, 0, strlen(pass));