Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.1:ARM:Staging
wget
bad-metadata-CVE-2018-20483.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bad-metadata-CVE-2018-20483.patch of Package wget
Index: wget-1.19.5/src/ftp.c =================================================================== --- wget-1.19.5.orig/src/ftp.c +++ wget-1.19.5/src/ftp.c @@ -1580,7 +1580,7 @@ Error in server response, closing contro #ifdef ENABLE_XATTR if (opt.enable_xattr) - set_file_metadata (u->url, NULL, fp); + set_file_metadata (u, NULL, fp); #endif fd_close (local_sock); Index: wget-1.19.5/src/http.c =================================================================== --- wget-1.19.5.orig/src/http.c +++ wget-1.19.5/src/http.c @@ -4124,9 +4124,9 @@ gethttp (const struct url *u, struct url if (opt.enable_xattr) { if (original_url != u) - set_file_metadata (u->url, original_url->url, fp); + set_file_metadata (u, original_url, fp); else - set_file_metadata (u->url, NULL, fp); + set_file_metadata (u, NULL, fp); } #endif Index: wget-1.19.5/src/xattr.c =================================================================== --- wget-1.19.5.orig/src/xattr.c +++ wget-1.19.5/src/xattr.c @@ -22,6 +22,7 @@ #include "log.h" #include "xattr.h" +#include "utils.h" #ifdef USE_XATTR @@ -57,7 +58,7 @@ write_xattr_metadata (const char *name, #endif /* USE_XATTR */ int -set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp) +set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp) { /* Save metadata about where the file came from (requested, final URLs) to * user POSIX Extended Attributes of retrieved file. @@ -67,13 +68,28 @@ set_file_metadata (const char *origin_ur * [http://0pointer.de/lennart/projects/mod_mime_xattr/]. */ int retval = -1; + char *value; if (!origin_url || !fp) return retval; - retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (origin_url), fp); - if ((!retval) && referrer_url) - retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (referrer_url), fp); + value = url_string (origin_url, URL_AUTH_HIDE); + retval = write_xattr_metadata ("user.xdg.origin.url", escnonprint_uri (value), fp); + xfree (value); + + if (!retval && referrer_url) + { + struct url u; + + memset(&u, 0, sizeof(u)); + u.scheme = referrer_url->scheme; + u.host = referrer_url->host; + u.port = referrer_url->port; + + value = url_string (&u, 0); + retval = write_xattr_metadata ("user.xdg.referrer.url", escnonprint_uri (value), fp); + xfree (value); + } return retval; } Index: wget-1.19.5/src/xattr.h =================================================================== --- wget-1.19.5.orig/src/xattr.h +++ wget-1.19.5/src/xattr.h @@ -16,12 +16,13 @@ along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include <stdio.h> +#include <url.h> #ifndef _XATTR_H #define _XATTR_H /* Store metadata name/value attributes against fp. */ -int set_file_metadata (const char *origin_url, const char *referrer_url, FILE *fp); +int set_file_metadata (const struct url *origin_url, const struct url *referrer_url, FILE *fp); #if defined(__linux) /* libc on Linux has fsetxattr (5 arguments). */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
