CVS commit: [netbsd-6-0] src/usr.bin/ftp

Sun, 26 Oct 2014 22:58:43 -0700 

Module Name:    src
Committed By:   snj
Date:           Mon Oct 27 05:57:31 UTC 2014

Modified Files:
        src/usr.bin/ftp [netbsd-6-0]: fetch.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1175):
        usr.bin/ftp/fetch.c: revision 1.206 via patch
don't pay attention to special characters if they don't come from the command
line (from jmcneill)


To generate a diff of this commit:
cvs rdiff -u -r1.195 -r1.195.6.1 src/usr.bin/ftp/fetch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/ftp/fetch.c
diff -u src/usr.bin/ftp/fetch.c:1.195 src/usr.bin/ftp/fetch.c:1.195.6.1
--- src/usr.bin/ftp/fetch.c:1.195	Sat Dec 10 05:53:58 2011
+++ src/usr.bin/ftp/fetch.c	Mon Oct 27 05:57:31 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: fetch.c,v 1.195 2011/12/10 05:53:58 lukem Exp $	*/
+/*	$NetBSD: fetch.c,v 1.195.6.1 2014/10/27 05:57:31 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.195 2011/12/10 05:53:58 lukem Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.195.6.1 2014/10/27 05:57:31 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -541,7 +541,7 @@ fetch_url(const char *url, const char *p
 	url_decode(decodedpath);
 
 	if (outfile)
-		savefile = ftp_strdup(outfile);
+		savefile = outfile;
 	else {
 		cp = strrchr(decodedpath, '/');		/* find savefile */
 		if (cp != NULL)
@@ -1081,18 +1081,27 @@ fetch_url(const char *url, const char *p
 		}
 	}		/* end of ftp:// or http:// specific setup */
 
-			/* Open the output file. */
-	if (strcmp(savefile, "-") == 0) {
-		fout = stdout;
-	} else if (*savefile == '|') {
-		oldintp = xsignal(SIGPIPE, SIG_IGN);
-		fout = popen(savefile + 1, "w");
-		if (fout == NULL) {
-			warn("Can't execute `%s'", savefile + 1);
-			goto cleanup_fetch_url;
+	/* Open the output file. */
+ 
+	/* 
+	 * Only trust filenames with special meaning if they came from 
+	 * the command line
+	 */
+
+	if (outfile == savefile) {
+		if (strcmp(savefile, "-") == 0) {
+			fout = stdout;
+		} else if (*savefile == '|') {
+			oldintp = xsignal(SIGPIPE, SIG_IGN);
+			fout = popen(savefile + 1, "w");
+			if (fout == NULL) {
+				warn("Can't execute `%s'", savefile + 1);
+				goto cleanup_fetch_url;
+			}
+			closefunc = pclose;
 		}
-		closefunc = pclose;
-	} else {
+	}
+	if (fout == NULL) {
 		if ((rangeend != -1 && rangeend <= restart_point) ||
 		    (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
 			/* already done */
@@ -1303,7 +1312,8 @@ fetch_url(const char *url, const char *p
 		(*closefunc)(fout);
 	if (res0)
 		freeaddrinfo(res0);
-	FREEPTR(savefile);
+	if (savefile != outfile)
+		FREEPTR(savefile);
 	FREEPTR(uuser);
 	if (pass != NULL)
 		memset(pass, 0, strlen(pass));

Reply via email to