Fix directory traversal bug in FTP.

References: http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344 Patches obtained from: Red Hat Linux Approved by: portmgr(will)
2002-12-11 15:58:37 +00:00 · 2002-12-11 15:58:37 +00:00 · fc510011bc
commit fc510011bc
parent ef8ff6310b
6 changed files with 124 additions and 2 deletions
--- a/ftp/wget-devel/Makefile
+++ b/ftp/wget-devel/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	wget
 PORTVERSION=	1.8.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	ftp www
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	wget
--- a/ftp/wget-devel/files/patch-src_fnmatch_c
+++ b/ftp/wget-devel/files/patch-src_fnmatch_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig	Tue Dec 10 13:06:09 2002
+++ src/fnmatch.c	Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+   return (FNM_NOMATCH);
+ }
+ 
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+	if (*s == '/')
+		return 1;
+	if (strstr(s, "../") != 0)
+		return 1;
+	return 0;
+}
+
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+    `]').  */
+ int
--- a/ftp/wget-devel/files/patch-src_ftp_c
+++ b/ftp/wget-devel/files/patch-src_ftp_c
@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig	Tue Dec 10 13:08:00 2002
+++ src/ftp.c	Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+   struct fileinfo *orig, *start;
+   uerr_t res;
+  struct fileinfo *f;
+ 
+   con->cmd |= LEAVE_PENDING;
+ 
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+      opt.accepts and opt.rejects.  */
+   if (opt.accepts || opt.rejects)
+     {
+-      struct fileinfo *f = orig;
+-
+      f = orig;
+       while (f)
+ 	{
+ 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ 	    f = f->next;
+ 	}
+     }
+  /* Remove all files with possible harmful names */
+  f = orig;
+  while (f)
+  {
+     if (has_invalid_name(f->name))
+     {
+	logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+	f = delelement (f, &start);
+     }
+     else
+	f = f->next;
+  }
+   /* Now weed out the files that do not match our globbing pattern.
+      If we are dealing with a globbing pattern, that is.  */
+   if (*u->file && (action == GLOBALL || action == GETONE))
--- a/ftp/wget/Makefile
+++ b/ftp/wget/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	wget
 PORTVERSION=	1.8.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	ftp www
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	wget
--- a/ftp/wget/files/patch-src_fnmatch_c
+++ b/ftp/wget/files/patch-src_fnmatch_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-src_fnmatch_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/fnmatch.c.orig	Tue Dec 10 13:06:09 2002
+++ src/fnmatch.c	Tue Dec 10 13:07:23 2002
+@@ -188,6 +188,17 @@ fnmatch (const char *pattern, const char
+   return (FNM_NOMATCH);
+ }
+ 
+/* Return non-zero if S has a leading '/'  or contains '../' */
+int
+has_invalid_name (const char *s)
+{
+	if (*s == '/')
+		return 1;
+	if (strstr(s, "../") != 0)
+		return 1;
+	return 0;
+}
+
+ /* Return non-zero if S contains globbing wildcards (`*', `?', `[' or
+    `]').  */
+ int
--- a/ftp/wget/files/patch-src_ftp_c
+++ b/ftp/wget/files/patch-src_ftp_c
@ -0,0 +1,40 @@
+$OpenBSD: patch-src_ftp_c,v 1.1 2002/12/10 18:37:24 brad Exp $
+--- src/ftp.c.orig	Tue Dec 10 13:08:00 2002
+++ src/ftp.c	Tue Dec 10 13:16:22 2002
+@@ -1637,6 +1637,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ {
+   struct fileinfo *orig, *start;
+   uerr_t res;
+  struct fileinfo *f;
+ 
+   con->cmd |= LEAVE_PENDING;
+ 
+@@ -1648,8 +1649,7 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+      opt.accepts and opt.rejects.  */
+   if (opt.accepts || opt.rejects)
+     {
+-      struct fileinfo *f = orig;
+-
+      f = orig;
+       while (f)
+ 	{
+ 	  if (f->type != FT_DIRECTORY && !acceptable (f->name))
+@@ -1661,6 +1661,18 @@ ftp_retrieve_glob (struct urlinfo *u, cc
+ 	    f = f->next;
+ 	}
+     }
+  /* Remove all files with possible harmful names */
+  f = orig;
+  while (f)
+  {
+     if (has_invalid_name(f->name))
+     {
+	logprintf (LOG_VERBOSE, _("Rejecting `%s'.\n"), f->name);
+	f = delelement (f, &start);
+     }
+     else
+	f = f->next;
+  }
+   /* Now weed out the files that do not match our globbing pattern.
+      If we are dealing with a globbing pattern, that is.  */
+   if (*u->file && (action == GLOBALL || action == GETONE))