[Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip

From:	Matthew White
Subject:	[Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary
Date:	Sat, 10 Sep 2016 12:49:50 +0200

[Coverity Scan is ok, make syntax-check is ok, make check-valgrind is ok, 
contrib/check-hard is ok]

This enforces the use of libmetalink's metalink_check_safe_path() to verify 
that the destination file name is safe.

The libmetalink's metalink_check_safe_path() advices against the use of unsafe 
file names.

The following description is verbatim from the patch:
-----
Unsafe file names contain an absolute, relative, or home path.  Safe
paths can be verified by libmetalink's metalink_check_safe_path().
-----

Regards,
Matthew

-- 
Matthew White <address@hidden>

0009-Enforce-Metalink-file-name-verification-strip-direct.patch
Description: Text Data

pgplBt6pqUlwn.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White <=
- Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Tim Ruehsen, 2016/09/12
  - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Eli Zaretskii, 2016/09/12
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Tim Rühsen, 2016/09/12
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White, 2016/09/12
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Tim Ruehsen, 2016/09/13
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White, 2016/09/13
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Tim Ruehsen, 2016/09/13
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White, 2016/09/13
    - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White, 2016/09/12
  - Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary, Matthew White, 2016/09/12

Prev by Date: [Bug-wget] [PATCH 08/25] Implement Metalink/XML --directory-prefix option in Metalink module
Next by Date: [Bug-wget] [PATCH 10/25] New document: Metalink/XML and Metalink/HTTP standard reference
Previous by thread: [Bug-wget] [PATCH 08/25] Implement Metalink/XML --directory-prefix option in Metalink module
Next by thread: Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary
Index(es):
- Date
- Thread