[src/netbsd-7]: src/usr.bin/ftp Pull up following revision(s) (requested by c...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/cf353863ba1f
branches:  netbsd-7
changeset: 798465:cf353863ba1f
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Oct 26 16:47:12 2014 +0000

description:
Pull up following revision(s) (requested by christos in ticket #158):
        usr.bin/ftp/fetch.c: revision 1.206
don't pay attention to special characters if they don't come from the command
line (from jmcneill)

diffstat:

 usr.bin/ftp/fetch.c |  42 +++++++++++++++++++++++++-----------------
 1 files changed, 25 insertions(+), 17 deletions(-)

diffs (85 lines):

diff -r 02ef6c4db69f -r cf353863ba1f usr.bin/ftp/fetch.c
--- a/usr.bin/ftp/fetch.c       Sun Oct 26 09:49:58 2014 +0000
+++ b/usr.bin/ftp/fetch.c       Sun Oct 26 16:47:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fetch.c,v 1.205 2013/11/07 02:06:51 christos Exp $     */
+/*     $NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $   */
 
 /*-
  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: fetch.c,v 1.205 2013/11/07 02:06:51 christos Exp $");
+__RCSID("$NetBSD: fetch.c,v 1.205.4.1 2014/10/26 16:47:12 martin Exp $");
 #endif /* not lint */
 
 /*
@@ -571,7 +571,7 @@
        url_decode(decodedpath);
 
        if (outfile)
-               savefile = ftp_strdup(outfile);
+               savefile = outfile;
        else {
                cp = strrchr(decodedpath, '/');         /* find savefile */
                if (cp != NULL)
@@ -595,8 +595,7 @@
        rangestart = rangeend = entitylen = -1;
        mtime = -1;
        if (restartautofetch) {
-               if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
-                   stat(savefile, &sb) == 0)
+               if (stat(savefile, &sb) == 0)
                        restart_point = sb.st_size;
        }
        if (urltype == FILE_URL_T) {            /* file:// URLs */
@@ -1150,18 +1149,26 @@
                }
        }               /* end of ftp:// or http:// specific setup */
 
-                       /* Open the output file. */
-       if (strcmp(savefile, "-") == 0) {
-               fout = stdout;
-       } else if (*savefile == '|') {
-               oldpipe = xsignal(SIGPIPE, SIG_IGN);
-               fout = popen(savefile + 1, "w");
-               if (fout == NULL) {
-                       warn("Can't execute `%s'", savefile + 1);
-                       goto cleanup_fetch_url;
+       /* Open the output file. */
+
+       /*
+        * Only trust filenames with special meaning if they came from
+        * the command line
+        */
+       if (outfile == savefile) {
+               if (strcmp(savefile, "-") == 0) {
+                       fout = stdout;
+               } else if (*savefile == '|') {
+                       oldpipe = xsignal(SIGPIPE, SIG_IGN);
+                       fout = popen(savefile + 1, "w");
+                       if (fout == NULL) {
+                               warn("Can't execute `%s'", savefile + 1);
+                               goto cleanup_fetch_url;
+                       }
+                       closefunc = pclose;
                }
-               closefunc = pclose;
-       } else {
+       }
+       if (fout == NULL) {
                if ((rangeend != -1 && rangeend <= restart_point) ||
                    (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
                        /* already done */
@@ -1379,7 +1386,8 @@
                (*closefunc)(fout);
        if (res0)
                freeaddrinfo(res0);
-       FREEPTR(savefile);
+       if (savefile != outfile)
+               FREEPTR(savefile);
        FREEPTR(uuser);
        if (pass != NULL)
                memset(pass, 0, strlen(pass));