Diffstat (limited to 'net/wget/patches/patch-CVE-2016-7098')
-rw-r--r--net/wget/patches/patch-CVE-2016-709856
1 files changed, 56 insertions, 0 deletions
diff --git a/net/wget/patches/patch-CVE-2016-7098 b/net/wget/patches/patch-CVE-2016-7098
new file mode 100644
index 00000000000..0875be0c908
--- /dev/null
+++ b/net/wget/patches/patch-CVE-2016-7098
@@ -0,0 +1,56 @@
+patch for CVE-2016-7098 from
+http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
+http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
+(only the compilable parts)
+
+--- src/http.c.orig 2016-06-09 16:10:14.000000000 +0000
++++ src/http.c 2016-10-27 20:02:46.000000000 +0000
+@@ -39,6 +39,7 @@ as that of the covered work. */
+ #include <errno.h>
+ #include <time.h>
+ #include <locale.h>
++#include <fcntl.h>
+
+ #include "hash.h"
+ #include "http.h"
+@@ -1564,6 +1565,7 @@ struct http_stat
+ #ifdef HAVE_METALINK
+ metalink_t *metalink;
+ #endif
++ bool temporary; /* downloading a temporary file */
+ };
+
+ static void
+@@ -2254,6 +2256,15 @@ check_file_output (struct url *u, struct
+ xfree (local_file);
+ }
+
++ hs->temporary = opt.delete_after || opt.spider || !acceptable (hs->local_file);
++ if (hs->temporary)
++ {
++ char *tmp = NULL;
++ asprintf (&tmp, "%s.tmp", hs->local_file);
++ xfree (hs->local_file);
++ hs->local_file = tmp;
++ }
++
+ /* TODO: perform this check only once. */
+ if (!hs->existence_checked && file_exists_p (hs->local_file))
+ {
+@@ -2467,7 +2478,15 @@ open_output_stream (struct http_stat *hs
+ open_id = 22;
+ *fp = fopen (hs->local_file, "wb", FOPEN_OPT_ARGS);
+ #else /* def __VMS */
+- *fp = fopen (hs->local_file, "wb");
++ if (hs->temporary)
++ {
++ *fp = fdopen (open (hs->local_file, O_BINARY | O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR), "wb");
++ }
++ else
++ {
++ *fp = fopen (hs->local_file, "wb");
++ }
++
+ #endif /* def __VMS [else] */
+ }
+ else
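Review bot: In the open_output_stream part of the embedded patch, the result of `open()` is fed straight into `fdopen()`, so a failed open becomes `fdopen (-1, "wb")` and the real errno is replaced by EBADF. Because the flags are `O_CREAT | O_TRUNC` without `O_EXCL`, the `S_IRUSR | S_IWUSR` mode only takes effect when the file is newly created; a `.tmp` file that already exists keeps whatever permissions it had, which appears to weaken what the fix is for. I would split the call, `int fd = open (...); *fp = fd < 0 ? NULL : fdopen (fd, "wb");`, and either add `O_EXCL` or call `fchmod (fd, S_IRUSR | S_IWUSR)` on the descriptor if a stale `.tmp` must remain overwritable. In the check_file_output part the return value of `asprintf` is ignored, so on allocation failure `hs->local_file` is freed and replaced by an unusable pointer just before `file_exists_p` reads it; it needs a guard such as `if (asprintf (&tmp, "%s.tmp", hs->local_file) < 0)` with an error return. Both functions start and end outside the quoted context, so how a NULL `*fp` is handled afterwards is not visible here.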