diff options
| author |   jca <jca@openbsd.org> | 2019-12-19 00:07:20 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2019-12-19 00:07:20 +0000 |
| commit | 0198273303be3be4f526bf21fcc48cc068aa1aae (patch) | |
| tree | 01cdee56bd5e0a1948b81761bed4a352d6c19cd4 | |
| parent | unifdef _AIX (diff) | |
| download | wireguard-openbsd-0198273303be3be4f526bf21fcc48cc068aa1aae.tar.xz wireguard-openbsd-0198273303be3be4f526bf21fcc48cc068aa1aae.zip | |
Prevent redirections to file: URLs
Report and fix from Hiltjo Posthuma, input from and ok deraadt@
| -rw-r--r-- | usr.bin/ftp/fetch.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index eff558eba6f..2f67693c436 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.184 2019/12/09 19:05:06 jca Exp $ */ +/* $OpenBSD: fetch.c,v 1.185 2019/12/19 00:07:20 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -258,6 +258,9 @@ url_get(const char *origline, const char *proxyenv, const char *outfile, int las } else errx(1, "url_get: Invalid URL '%s'", newline); + if (isfileurl && redirect_loop > 0) + errx(1, "Redirection to local file not permitted"); + if (isfileurl) { path = host; } else { |