Hi, I noticed with the ftp program when downloading via HTTP or HTTPS it can be redirected to read from a local file directly.
While testing using a CGI program that responds with the HTTP headers:

Status: 301 Moved Permanently
Location: file:///dev/urandom

The patch below disallows redirections to a file scheme.

Patch:

diff --git usr.bin/ftp/fetch.c usr.bin/ftp/fetch.c index eff558eba6f..1c749b21048 100644 --- usr.bin/ftp/fetch.c +++ usr.bin/ftp/fetch.c @@ -258,6 +258,9 @@ url_get(const char *origline, const char *proxyenv, const char *outfile, int las } else errx(1, "url_get: Invalid URL '%s'", newline); + if (isfileurl && redirect_loop > 0) + errx(1, "url_get: redirect to file '%s' not allowed", newline); + if (isfileurl) { path = host; } else {

--
Kind regards,
Hiltjo
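Review bot: the new guard `if (isfileurl && redirect_loop > 0)` only refuses a file: target once redirect_loop is nonzero, so it depends on every recursive url_get call made for a Location header passing an incremented redirect_loop; that increment is outside this hunk, so it is worth confirming, as is that a file: URL typed directly on the command line (redirect_loop 0) is still meant to be accepted. The accompanying message could also state that a redirected fetch is now limited to non-file targets, and it may be worth considering whether the same spot should refuse other scheme changes on redirect rather than only file:.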
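To make the check in the patch concrete, here is an added stand-alone example (not code from usr.bin/ftp) of a redirect-target classifier: a Location value is followed only when it is an http or https URL, with redirect_loop carrying the same meaning as in the patch (0 for the user's own URL, greater than 0 for a server-supplied redirect). The scheme prefixes and the function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed example, not from usr.bin/ftp: classify the scheme of a
 * Location: value and decide whether a redirect may be followed. */
enum scheme { SCHEME_HTTP, SCHEME_HTTPS, SCHEME_FILE, SCHEME_OTHER };

static enum scheme
url_scheme(const char *url)
{
	/* Prefix table is an assumption; scheme names are case-insensitive. */
	static const struct { const char *prefix; enum scheme s; } tab[] = {
		{ "https://", SCHEME_HTTPS },
		{ "http://", SCHEME_HTTP },
		{ "file:", SCHEME_FILE },
	};
	size_t i, n;

	for (i = 0; i < sizeof(tab) / sizeof(tab[0]); i++) {
		n = strlen(tab[i].prefix);
		if (strncasecmp(url, tab[i].prefix, n) == 0)
			return tab[i].s;
	}
	return SCHEME_OTHER;
}

/*
 * redirect_loop mirrors the counter used in the patch: 0 for the URL the
 * user typed, >0 for a URL taken from a server's Location header.  A
 * redirect may only lead to another http or https URL; a file: target,
 * or any other scheme, is refused so a remote server cannot make the
 * client read a local path.
 */
int
redirect_allowed(const char *location, int redirect_loop)
{
	enum scheme s = url_scheme(location);

	if (redirect_loop == 0)
		return 1;	/* not a redirect: the caller chose this URL */
	return s == SCHEME_HTTP || s == SCHEME_HTTPS;
}

int
main(void)
{
	const char *loc = "file:///dev/urandom";	/* constructed Location value */

	printf("%s -> %s\n", loc, redirect_allowed(loc, 1) ? "follow" : "refuse");
	return 0;
}
```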