Hi,
I noticed that with the ftp program, when downloading via HTTP or HTTPS, it can
be redirected to read from a local file directly.
While testing using a CGI program that responds with the HTTP headers:
Status: 301 Moved Permanently
Location: file:///dev/urandom
The patch below disallows redirections to a file scheme.
Patch:
diff --git usr.bin/ftp/fetch.c usr.bin/ftp/fetch.c
index eff558eba6f..1c749b21048 100644
--- usr.bin/ftp/fetch.c
+++ usr.bin/ftp/fetch.c
@@ -258,6 +258,9 @@ url_get(const char *origline, const char *proxyenv, const
char *outfile, int las
} else
errx(1, "url_get: Invalid URL '%s'", newline);
+ if (isfileurl && redirect_loop > 0)
+ errx(1, "url_get: redirect to file '%s' not allowed", newline);
+
if (isfileurl) {
path = host;
} else {
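Review bot: the new guard `if (isfileurl && redirect_loop > 0)` relies on `redirect_loop` being non-zero exactly when url_get() has been re-entered because of a Location: header, and nothing at this point in the hunk records that; a one-line comment above the check (e.g. "/* a Location: header must never send us to a local file */") would make the dependency explicit for the next person editing the scheme-parsing block that ends with `errx(1, "url_get: Invalid URL '%s'", newline);`. Also note that the error message prints `newline`, i.e. the full server-supplied redirect target, straight to the terminal; since that string is controlled by the remote side, printing only the scheme or a sanitized form would avoid echoing arbitrary bytes from a malicious Location: header.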
--
Kind regards,
Hiltjo