The redirect URI is untrusted input so strnvis it first before printing
it.

-- 
:wq Claudio

Index: fetch.c
===================================================================
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.210
diff -u -p -r1.210 fetch.c
--- fetch.c     15 Sep 2022 12:47:10 -0000      1.210
+++ fetch.c     9 Nov 2022 15:29:37 -0000
@@ -949,8 +950,11 @@ noslash:
                        loctail = strchr(redirurl, '#');
                        if (loctail != NULL)
                                *loctail = '\0';
-                       if (verbose)
-                               fprintf(ttyout, "Redirected to %s\n", redirurl);
+                       if (verbose) {
+                               strnvis(gerror, redirurl, sizeof gerror,
+                                   VIS_SAFE);
+                               fprintf(ttyout, "Redirected to %s\n", gerror);
+                       }
                        ftp_close(&fin, &tls, &fd);
                        rval = url_get(redirurl, proxyenv, savefile, lastfile);
                        free(redirurl);
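Review bot: VIS_SAFE in the added strnvis() call leaves backspace, bell, carriage return and newline unencoded (vis(3) documents those as passed through "safe"), so the single line the new fprintf() prints can still be reshaped by a server-chosen Location value and show a target that differs from what url_get() fetches next. A stricter flag set fits a one-line "Redirected to" message better, e.g. `strnvis(gerror, redirurl, sizeof gerror, VIS_NL);` (or `VIS_WHITE` if whitespace should be made visible as well); without VIS_SAFE every control character is encoded. gerror looks like a shared error-message buffer rather than scratch space; if anything later on this path reports it, the redirect text will have overwritten it, so a local buffer sized like gerror would make the lifetime explicit — worth confirming against the rest of fetch.c. Truncation of a long URL is fine for a log line but deserves a note, e.g. `/* vis'd copy may be truncated; used only for the message below */`. The enclosing function starts and ends outside the hunk.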
