Hi,

I started reading your code, and I have a first remark.

I see in main.c (at line 142 and next) that on redirection, you trust
the server for the filename. I am not sure it is a good thing to do.

If the user requests 'http://www.example.com/a_filename' (without -o),
the file created should be 'a_filename' whatever the redirection is.
Else, an evil server could arbitrarily choose the filename (in the current
directory), and as file creation is done with O_TRUNC (or O_APPEND in
the resume case), an evil server could override the file he wants.

Regards.
-- 
Sebastien Marie
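
Added example, not part of the message above and not the project's main.c: one way to derive the output name only from the URL the user requested, so a redirect changes where the data is fetched from but not where it is written. The function names `url_to_filename` and `output_name` and the sample redirect URL are assumptions made for illustration.

```c
/* Added example; helper names are hypothetical, not from the project's main.c. */
#include <stdio.h>
#include <string.h>

/* Take the last path segment of url as a local file name; -1 if none is usable. */
static int
url_to_filename(const char *url, char *out, size_t outlen)
{
	const char *p, *path, *base;
	size_t i, len;

	/* Skip "scheme://host" so the host is never taken as a name. */
	p = strstr(url, "://");
	p = (p != NULL) ? p + 3 : url;
	if ((path = strchr(p, '/')) == NULL)
		return -1;
	len = strcspn(path, "?#");	/* path ends at query or fragment */
	for (base = path, i = 0; i < len; i++)
		if (path[i] == '/')
			base = path + i + 1;
	len -= (size_t)(base - path);
	if (len == 0 || len >= outlen)
		return -1;
	/* "." and ".." are directory entries, not file names. */
	if ((len == 1 && base[0] == '.') ||
	    (len == 2 && base[0] == '.' && base[1] == '.'))
		return -1;
	memcpy(out, base, len);
	out[len] = '\0';
	return 0;
}

/* The redirect target decides where the bytes come from, never where they go. */
static int
output_name(const char *requested_url, const char *redirect_url,
    char *out, size_t outlen)
{
	(void)redirect_url;	/* server-controlled, deliberately ignored */
	return url_to_filename(requested_url, out, outlen);
}

int
main(void)
{
	char name[256];

	/* Constructed sample: the server redirects to a name it chose. */
	if (output_name("http://www.example.com/a_filename",
	    "http://www.example.com/chosen_by_server", name, sizeof(name)) == 0)
		printf("%s\n", name);	/* a_filename */
	return 0;
}
```

With the name fixed this way, the server no longer selects which file in the current directory O_TRUNC or O_APPEND is applied to.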
