http://bugs.gentoo.org/329941
based on upstream commit, but tweaked to work with wget-1.12 and
remove useless style changes
------------------------------------------------------------
revno: 2409
committer: Giuseppe Scrivano <gscrivano@gnu.org>
branch nick: wget
timestamp: Wed 2010-07-28 21:22:22 +0200
message:
Introduce --trust-server-names. Close CVE-2010-2252.
diff:
NEWS:
** By default, on server redirects, use the original URL to get the
local file name. Close CVE-2010-2252.
ChangeLog:
2010-07-28 Giuseppe Scrivano <gscrivano@gnu.org>
* http.h (http_loop): Add new argument `original_url'
* http.c (http_loop): Add new argument `original_url'. Use
`original_url' to get a filename if `trustservernames' is false.
* init.c (commands): Add "trustservernames".
* options.h (library): Add variable `trustservernames'.
* main.c (option_data): Add trust-server-names.
(print_help): Describe --trust-server-names.
* retr.c (retrieve_url): Pass new argument to `http_loop'.
=== modified file 'doc/wget.texi'
--- ./doc/wget.texi 2010-05-27 10:45:15 +0000
+++ ./doc/wget.texi 2010-07-28 19:22:22 +0000
@@ -1498,6 +1498,13 @@
@code{Content-Disposition} headers to describe what the name of a
downloaded file should be.
+@cindex Trust server names
+@item --trust-server-names
+
+If this is set to on, on a redirect the last component of the
+redirection URL will be used as the local file name. By default it is
+used the last component in the original URL.
+
@cindex authentication
@item --auth-no-challenge
@@ -2810,6 +2817,10 @@
Turn on recognition of the (non-standard) @samp{Content-Disposition}
HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
+@item trust_server_names = on/off
+If set to on, use the last component of a redirection URL for the local
+file name.
+
@item continue = on/off
If set to on, force continuation of preexistent partially retrieved
files. See @samp{-c} before setting it.
=== modified file 'src/http.c'
--- ./src/http.c 2010-07-20 17:42:13 +0000
+++ ./src/http.c 2010-07-28 19:22:22 +0000
@@ -2593,8 +2593,9 @@
/* The genuine HTTP loop! This is the part where the retrieval is
retried, and retried, and retried, and... */
uerr_t
-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
- int *dt, struct url *proxy, struct iri *iri)
+http_loop (struct url *u, struct url *original_url, char **newloc,
+ char **local_file, const char *referer, int *dt, struct url *proxy,
+ struct iri *iri)
{
int count;
bool got_head = false; /* used for time-stamping and filename detection */
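Review bot: The new `original_url` parameter is undocumented — the header comment above `http_loop` still only says the retrieval is retried, and nothing states what `original_url` is, that it must be non-NULL, or who owns it. I would extend that comment with a sentence such as `ORIGINAL_URL is the URL the caller asked for before any redirect was followed; unless opt.trustservernames is set it, not U, determines the local file name.` The body of http_loop continues past the end of the hunk.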
@@ -2641,7 +2642,8 @@
}
else if (!opt.content_disposition)
{
- hstat.local_file = url_file_name (u);
+ hstat.local_file =
+ url_file_name (opt.trustservernames ? u : original_url);
got_name = true;
}
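Review bot: `url_file_name (opt.trustservernames ? u : original_url)` dereferences `original_url` whenever the option is off, which is now the default, so every caller must guarantee a non-NULL pointer; the hunk adds no guard and the new prototype in http.h does not record the precondition. The same expression is repeated at the -N HEAD-request site in the next hunk (`file_name = url_file_name (opt.trustservernames ? u : original_url);`), so one documented precondition or check should cover both. I would not fall back to `u` on NULL, because that would silently let the redirect target choose the file name again, which is exactly what the change prevents; an `assert (original_url != NULL);` at the top of http_loop, or a comment stating the contract, is the right shape.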
@@ -2679,7 +2681,7 @@
/* Send preliminary HEAD request if -N is given and we have an existing
* destination file. */
- file_name = url_file_name (u);
+ file_name = url_file_name (opt.trustservernames ? u : original_url);
if (opt.timestamping
&& !opt.content_disposition
&& file_exists_p (file_name))
=== modified file 'src/http.h'
--- ./src/http.h 2010-05-08 19:56:15 +0000
+++ ./src/http.h 2010-07-28 19:22:22 +0000
@@ -33,8 +33,8 @@
struct url;
-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
- struct url *, struct iri *);
+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
+ int *, struct url *, struct iri *);
void save_cookies (void);
void http_cleanup (void);
time_t http_atotm (const char *);
=== modified file 'src/init.c'
--- ./src/init.c 2010-05-08 19:56:15 +0000
+++ ./src/init.c 2010-07-28 19:22:22 +0000
@@ -252,6 +252,7 @@
{ "timeout", NULL, cmd_spec_timeout },
{ "timestamping", &opt.timestamping, cmd_boolean },
{ "tries", &opt.ntry, cmd_number_inf },
+ { "trustservernames", &opt.trustservernames, cmd_boolean },
{ "useproxy", &opt.use_proxy, cmd_boolean },
{ "user", &opt.user, cmd_string },
{ "useragent", NULL, cmd_spec_useragent },
=== modified file 'src/main.c'
--- ./src/main.c 2010-06-20 10:10:35 +0000
+++ ./src/main.c 2010-07-28 19:22:22 +0000
@@ -266,5 +266,6 @@
{ "timeout", 'T', OPT_VALUE, "timeout", -1 },
{ "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
{ "tries", 't', OPT_VALUE, "tries", -1 },
+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
{ "user", 0, OPT_VALUE, "user", -1 },
{ "user-agent", 'U', OPT_VALUE, "useragent", -1 },
@@ -680,6 +681,8 @@
N_("\
-I, --include-directories=LIST list of allowed directories.\n"),
N_("\
+ --trust-server-names use the name specified by the redirection url last component.\n"),
+ N_("\
-X, --exclude-directories=LIST list of excluded directories.\n"),
N_("\
-np, --no-parent don't ascend to the parent directory.\n"),
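Review bot: The new help line sits between `-I, --include-directories` and `-X, --exclude-directories`, which from the visible neighbours are recursive accept/reject options, whereas --trust-server-names concerns how the local file is named on a redirect; a reader scanning the download or HTTP options will not find it there. The wording also reads awkwardly next to the other entries; I would use `--trust-server-names  use the name specified by the redirection URL's last component.\n` and place it with the other file-naming options, which lie outside this hunk.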
=== modified file 'src/options.h'
--- ./src/options.h 2010-05-08 19:56:15 +0000
+++ ./src/options.h 2010-07-28 19:22:22 +0000
@@ -242,6 +242,7 @@
char *encoding_remote;
char *locale;
+ bool trustservernames;
#ifdef __VMS
int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
#endif /* def __VMS */
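Review bot: `trustservernames` gets no explanatory comment, and nothing in the patch assigns its default; the safe default (off, use the original URL) holds only if `opt` is zero-initialised, which this hunk cannot show. I would write `bool trustservernames; /* Let the redirect target's last component name the local file; off by default so the server cannot pick the name (CVE-2010-2252). */` and, if init.c's defaults() explicitly initialises the sibling booleans, set this one there as well.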
=== modified file 'src/retr.c'
--- ./src/retr.c 2010-05-08 19:56:15 +0000
+++ ./src/retr.c 2010-07-28 19:22:22 +0000
@@ -731,7 +731,8 @@
#endif
|| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
{
- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
+ proxy_url, iri);
}
else if (u->scheme == SCHEME_FTP)
{
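Review bot: `orig_parsed` is neither declared nor assigned in this hunk, so whether it is non-NULL and still valid at this call — in particular on later iterations of the redirect handling, where `u` is re-parsed from the new location — cannot be confirmed from the diff. Since http_loop now derives the local file name from this pointer whenever --trust-server-names is off, it should be verified that `orig_parsed` refers to the user-supplied URL rather than a redirected one and is not freed before http_loop returns. retrieve_url begins and ends outside the hunk.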