head	1.3;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.3
	OPENPKG_E1_MP:1.3
	OPENPKG_E1_MP_2_STABLE:1.3
	OPENPKG_E1_FP:1.3
	OPENPKG_2_STABLE_20061018:1.3
	OPENPKG_2_STABLE:1.3.0.14
	OPENPKG_2_STABLE_BP:1.3
	OPENPKG_2_5_SOLID:1.3.0.12
	OPENPKG_2_5_SOLID_BP:1.3
	OPENPKG_2_4_RELEASE:1.3
	OPENPKG_2_4_SOLID:1.3.0.10
	OPENPKG_2_4_SOLID_BP:1.3
	OPENPKG_2_3_RELEASE:1.3
	OPENPKG_2_3_SOLID:1.3.0.8
	OPENPKG_2_3_SOLID_BP:1.3
	OPENPKG_2_2_RELEASE:1.3
	OPENPKG_2_2_SOLID:1.3.0.6
	OPENPKG_2_2_SOLID_BP:1.3
	OPENPKG_2_1_RELEASE:1.3
	OPENPKG_2_1_SOLID:1.3.0.4
	OPENPKG_2_1_SOLID_BP:1.3
	OPENPKG_2_0_RELEASE:1.3
	OPENPKG_2_0_SOLID:1.3.0.2
	OPENPKG_2_0_SOLID_BP:1.3
	OPENPKG_1_3_RELEASE:1.1.2.1
	OPENPKG_1_3_SOLID:1.1.2.1.0.2
	OPENPKG_1_3_SOLID_BP:1.1.2.1
	OPENPKG_1_STABLE_MP:1.2
	OPENPKG_1_1_SOLID:1.1.0.6
	OPENPKG_1_2_RELEASE:1.1
	OPENPKG_1_2_SOLID:1.1.0.4
	OPENPKG_1_2_SOLID_BP:1.1
	OPENPKG_1_STABLE:1.1.0.2
	OPENPKG_1_STABLE_BP:1.1;
locks; strict;
comment	@# @;


1.3
date	2003.10.22.19.19.48;	author rse;	state dead;
branches
	1.3.10.1;
next	1.2;

1.2
date	2003.01.23.14.00.49;	author thl;	state Exp;
branches;
next	1.1;

1.1
date	2002.12.16.12.39.36;	author rse;	state Exp;
branches
	1.1.2.1
	1.1.4.1
	1.1.6.1;
next	;

1.3.10.1
date	2005.10.18.08.35.58;	author rse;	state Exp;
branches;
next	;

1.1.2.1
date	2003.01.23.14.47.24;	author rse;	state Exp;
branches;
next	;

1.1.4.1
date	2003.01.23.14.47.40;	author rse;	state Exp;
branches;
next	;

1.1.6.1
date	2003.01.23.13.51.16;	author thl;	state Exp;
branches;
next	;


desc
@@


1.3
log
@upgrading package: wget 1.8.2 -> 1.9
@
text
@--- src/fnmatch.c.orig	2002/05/18 03:05:15	1.2.2.1
+++ src/fnmatch.c	2003/01/11 19:53:31	1.2.2.2
@@@@ -35,6 +35,11 @@@@
 
 #include <errno.h>
 #include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
 #include "fnmatch.h"
 
 /* Match STRING against the filename pattern PATTERN, returning zero
@@@@ -196,6 +201,19 @@@@
     return (0);
 
   return (FNM_NOMATCH);
+}
+
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_insecure_name_p (const char *s)
+{
+  if (*s == '/')
+    return 1;
+
+  if (strstr(s, "../") != 0)
+    return 1;
+
+  return 0;
 }
 
 /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
--- src/ftp.c.orig	2002/05/18 03:05:16	1.52.2.1
+++ src/ftp.c	2003/01/11 19:53:31	1.52.2.2
@@@@ -1549,7 +1549,7 @@@@
 static uerr_t
 ftp_retrieve_glob (struct url *u, ccon *con, int action)
 {
-  struct fileinfo *orig, *start;
+  struct fileinfo *f, *orig, *start;
   uerr_t res;
 
   con->cmd |= LEAVE_PENDING;
@@@@ -1562,8 +1562,7 @@@@
      opt.accepts and opt.rejects.  */
   if (opt.accepts || opt.rejects)
     {
-      struct fileinfo *f = orig;
-
+      f = orig;
       while (f)
 	{
 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
@@@@ -1575,13 +1574,25 @@@@
 	    f = f->next;
 	}
     }
+  /* Remove all files with possible harmful names */
+  f = orig;
+  while (f)
+    {
+      if (has_insecure_name_p(f->name))
+	{
+	  logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+	  f = delelement (f, &start);
+	}
+      else
+	f = f->next;
+    }
   /* Now weed out the files that do not match our globbing pattern.
      If we are dealing with a globbing pattern, that is.  */
   if (*u->file && (action == GLOBALL || action == GETONE))
     {
       int matchres = 0;
-      struct fileinfo *f = start;
 
+      f = start;
       while (f)
 	{
 	  matchres = fnmatch (u->file, f->name, 0);
@


1.3.10.1
log
@apply security fix (CAN-2005-3185)
@
text
@d1 3
a3 16
Security Fix (CAN-2005-3185)

Index: src/http-ntlm.c
--- src/http-ntlm.c	2005-05-10 23:16:53 +0200
+++ src/http-ntlm.c	2005-10-13 10:52:21 +0200
@@@@ -526,6 +526,11 @@@@
     size=64;
     ntlmbuf[62]=ntlmbuf[63]=0;
 
+    /* Make sure that the user and domain strings fit in the target buffer
+       before we copy them there. */
+    if(size + userlen + domlen >= sizeof(ntlmbuf))
+      return NULL;
+    
     memcpy(&ntlmbuf[size], domain, domlen);
     size += domlen;
d5 78
@


1.2
log
@move from RedHat to wget CVS HEAD patch
@
text
@@


1.1
log
@include security patches
@
text
@d1 17
a17 4
diff -urN wget-1.8.2/src/fnmatch.c wget-1.8.2_save/src/fnmatch.c
--- wget-1.8.2/src/fnmatch.c	Sat May 18 05:05:15 2002
+++ wget-1.8.2_save/src/fnmatch.c	Fri Oct  4 14:53:40 2002
@@@@ -198,6 +198,17 @@@@
d19 2
a20 2
 }
 
d23 1
a23 1
+has_invalid_name (const char *s)
d25 5
a29 6
+	if (*s == '/')
+		return 1;
+	if (strstr(s, "../") != 0)
+		return 1;
+	return 0;
+}
d31 3
d35 5
a39 6
    `]').  */
 int
diff -urN wget-1.8.2/src/ftp.c wget-1.8.2_save/src/ftp.c
--- wget-1.8.2/src/ftp.c	Sat May 18 05:05:16 2002
+++ wget-1.8.2_save/src/ftp.c	Fri Oct  4 15:07:22 2002
@@@@ -1551,6 +1551,8 @@@@
d41 2
a42 1
   struct fileinfo *orig, *start;
a43 2
+  struct fileinfo *f;
+
d46 1
a46 2
 
@@@@ -1562,8 +1564,7 @@@@
d52 1
a52 1
+	f = orig;
d56 1
a56 1
@@@@ -1575,6 +1576,18 @@@@
d63 3
a65 3
+  {
+     if (has_invalid_name(f->name))
+     {
d68 4
a71 4
+     }
+     else
+	  f = f->next;
+  }
d75 3
a77 8
--- wget-1.8.2/src/url.c.fpons	2002-09-04 16:16:52.000000000 +0200
+++ wget-1.8.2/src/url.c	2002-09-04 16:32:14.000000000 +0200
@@@@ -499,14 +499,18 @@@@
 int
 url_skip_uname (const char *url)
 {
-  const char *p;
+  const char *p, *pp;
d79 4
a82 18
-  /* Look for '@@' that comes before '/' or '?'. */
-  p = (const char *)strpbrk (url, "/?@@");
-  if (!p || *p != '@@')
-    return 0;
+  /* Look for last '@@' that comes before '/' or '?'. */
+  pp = url;
+  while ((p = (const char *)strpbrk (pp, "/?@@")) != NULL) {
+    if (*p != '@@')
+      break;
+    /* Found '@@' character so go on with possible next '@@'. */
+    pp = p + 1;
+  }
 
-  return p - url + 1;
+  return pp != url ? pp - url: 0;
 }
 
 static int
@


1.1.4.1
log
@MFS: upgrade security patch (see OpenPKG-SA-2003.007-wget)
@
text
@d1 6
a6 16
--- src/fnmatch.c.orig	2002/05/18 03:05:15	1.2.2.1
+++ src/fnmatch.c	2003/01/11 19:53:31	1.2.2.2
@@@@ -35,6 +35,11 @@@@
 
 #include <errno.h>
 #include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
 #include "fnmatch.h"
 
 /* Match STRING against the filename pattern PATTERN, returning zero
@@@@ -196,6 +201,19 @@@@
     return (0);
a7 3
   return (FNM_NOMATCH);
+}
+
d10 1
a10 1
+has_insecure_name_p (const char *s)
d12 6
a17 5
+  if (*s == '/')
+    return 1;
+
+  if (strstr(s, "../") != 0)
+    return 1;
a18 3
+  return 0;
 }
 
d20 6
a25 5
--- src/ftp.c.orig	2002/05/18 03:05:16	1.52.2.1
+++ src/ftp.c	2003/01/11 19:53:31	1.52.2.2
@@@@ -1549,7 +1549,7 @@@@
 static uerr_t
 ftp_retrieve_glob (struct url *u, ccon *con, int action)
d27 1
a27 2
-  struct fileinfo *orig, *start;
+  struct fileinfo *f, *orig, *start;
d29 2
d33 2
a34 1
@@@@ -1562,8 +1562,7 @@@@
d40 1
a40 1
+      f = orig;
d44 1
a44 1
@@@@ -1575,13 +1574,25 @@@@
d51 3
a53 3
+    {
+      if (has_insecure_name_p(f->name))
+	{
d56 4
a59 4
+	}
+      else
+	f = f->next;
+    }
d63 25
a87 3
     {
       int matchres = 0;
-      struct fileinfo *f = start;
d89 1
a89 4
+      f = start;
       while (f)
 	{
 	  matchres = fnmatch (u->file, f->name, 0);
@


1.1.2.1
log
@MFC: upgrade security patch (see OpenPKG-SA-2003.007-wget)
@
text
@d1 6
a6 16
--- src/fnmatch.c.orig	2002/05/18 03:05:15	1.2.2.1
+++ src/fnmatch.c	2003/01/11 19:53:31	1.2.2.2
@@@@ -35,6 +35,11 @@@@
 
 #include <errno.h>
 #include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
 #include "fnmatch.h"
 
 /* Match STRING against the filename pattern PATTERN, returning zero
@@@@ -196,6 +201,19 @@@@
     return (0);
a7 3
   return (FNM_NOMATCH);
+}
+
d10 1
a10 1
+has_insecure_name_p (const char *s)
d12 6
a17 5
+  if (*s == '/')
+    return 1;
+
+  if (strstr(s, "../") != 0)
+    return 1;
a18 3
+  return 0;
 }
 
d20 6
a25 5
--- src/ftp.c.orig	2002/05/18 03:05:16	1.52.2.1
+++ src/ftp.c	2003/01/11 19:53:31	1.52.2.2
@@@@ -1549,7 +1549,7 @@@@
 static uerr_t
 ftp_retrieve_glob (struct url *u, ccon *con, int action)
d27 1
a27 2
-  struct fileinfo *orig, *start;
+  struct fileinfo *f, *orig, *start;
d29 2
d33 2
a34 1
@@@@ -1562,8 +1562,7 @@@@
d40 1
a40 1
+      f = orig;
d44 1
a44 1
@@@@ -1575,13 +1574,25 @@@@
d51 3
a53 3
+    {
+      if (has_insecure_name_p(f->name))
+	{
d56 4
a59 4
+	}
+      else
+	f = f->next;
+    }
d63 25
a87 3
     {
       int matchres = 0;
-      struct fileinfo *f = start;
d89 1
a89 4
+      f = start;
       while (f)
 	{
 	  matchres = fnmatch (u->file, f->name, 0);
@


1.1.6.1
log
@SA-2003.007-wget; CAN-2002-1344; fix unsupported SSL autodetection
@
text
@d1 6
a6 16
--- src/fnmatch.c.orig	2002/05/18 03:05:15	1.2.2.1
+++ src/fnmatch.c	2003/01/11 19:53:31	1.2.2.2
@@@@ -35,6 +35,11 @@@@
 
 #include <errno.h>
 #include "wget.h"
+#ifdef HAVE_STRING_H
+# include <string.h>
+#else
+# include <strings.h>
+#endif /* HAVE_STRING_H */
 #include "fnmatch.h"
 
 /* Match STRING against the filename pattern PATTERN, returning zero
@@@@ -196,6 +201,19 @@@@
     return (0);
a7 3
   return (FNM_NOMATCH);
+}
+
d10 1
a10 1
+has_insecure_name_p (const char *s)
d12 6
a17 5
+  if (*s == '/')
+    return 1;
+
+  if (strstr(s, "../") != 0)
+    return 1;
a18 3
+  return 0;
 }
 
d20 6
a25 5
--- src/ftp.c.orig	2002/05/18 03:05:16	1.52.2.1
+++ src/ftp.c	2003/01/11 19:53:31	1.52.2.2
@@@@ -1549,7 +1549,7 @@@@
 static uerr_t
 ftp_retrieve_glob (struct url *u, ccon *con, int action)
d27 1
a27 2
-  struct fileinfo *orig, *start;
+  struct fileinfo *f, *orig, *start;
d29 2
d33 2
a34 1
@@@@ -1562,8 +1562,7 @@@@
d40 1
a40 1
+      f = orig;
d44 1
a44 1
@@@@ -1575,13 +1574,25 @@@@
d51 3
a53 3
+    {
+      if (has_insecure_name_p(f->name))
+	{
d56 4
a59 4
+	}
+      else
+	f = f->next;
+    }
d63 25
a87 3
     {
       int matchres = 0;
-      struct fileinfo *f = start;
d89 1
a89 4
+      f = start;
       while (f)
 	{
 	  matchres = fnmatch (u->file, f->name, 0);
@