200 might be a bit short for an URL, no? On 2022-11-09 16:34 +01, Claudio Jeker <cje...@diehard.n-r-g.com> wrote: > The redirect URI is untrusted input so strnvis it first before printing > it. > > -- > :wq Claudio > > Index: fetch.c > =================================================================== > RCS file: /cvs/src/usr.bin/ftp/fetch.c,v > retrieving revision 1.210 > diff -u -p -r1.210 fetch.c > --- fetch.c 15 Sep 2022 12:47:10 -0000 1.210 > +++ fetch.c 9 Nov 2022 15:29:37 -0000 > @@ -949,8 +950,11 @@ noslash: > loctail = strchr(redirurl, '#'); > if (loctail != NULL) > *loctail = '\0'; > - if (verbose) > - fprintf(ttyout, "Redirected to %s\n", redirurl); > + if (verbose) { > + strnvis(gerror, redirurl, sizeof gerror, > + VIS_SAFE); > + fprintf(ttyout, "Redirected to %s\n", gerror); > + } > ftp_close(&fin, &tls, &fd); > rval = url_get(redirurl, proxyenv, savefile, lastfile); > free(redirurl); >
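Review bot: the return value of strnvis() in the new `if (verbose) {` block is ignored, so a redirect URL whose encoded form does not fit in gerror is printed truncated with no indication, which is the concern the reply raises about the buffer size. strnvis() returns the length the full encoding would need, so comparing it against `sizeof gerror` and marking the output as truncated, or using stravis() to allocate a buffer of the right size and freeing it after the fprintf(), would keep the message accurate. The unencoded redirurl is still what gets passed to url_get(), which is correct since only the display copy needs escaping. Separately, per vis(3) VIS_SAFE leaves backspace, bell and carriage return unencoded, so it is worth confirming that is acceptable for text written to ttyout or choosing a stricter flag.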
-- I'm not entirely sure you are real.