[Bug 6836] wget redirected page use wrong authentication info

bugzilla at busybox.net bugzilla at busybox.net
Sat Feb 1 01:09:33 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=6836

--- Comment #1 from Dalei Liu <daleiliu at gmail.com> 2014-02-01 01:09:32 UTC ---
I checked the networking/wget.c file and found that in the parse_url() function,
h->user pointed to h->allocated, which will be freed each time it parses a new
URL.  So when it's called the second time after a 302 response in line 889,
h->user pointed to a freed area.

Here is my patch as a workaround, but I don't think it's a good fix.  I'm not
sure if a redirected page should use the new location URL with or without the old
username/password.  If it's not allowed, probably we should set h->user to NULL
in parse_url().  Or maybe we should implement --user and --password just like
GNU wget to avoid confusion.

diff --git a/networking/wget.c b/networking/wget.c
index d6c509e..8b2800d 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -327,13 +327,21 @@ static void parse_url(const char *src_url, struct
host_info *h)

     sp = strrchr(h->host, '@');
     if (sp != NULL) {
+        char *user;
+
         // URL-decode "user:password" string before base64-encoding:
         // wget http://test:my%20pass@example.com should send
         // Authorization: Basic dGVzdDpteSBwYXNz
         // which decodes to "test:my pass".
         // Standard wget and curl do this too.
         *sp = '\0';
-        h->user = percent_decode_in_place(h->host, /*strict:*/ 0);
+        user = percent_decode_in_place(h->host, /*strict:*/ 0);
+        if (user) {
+            // release previous user info
+            if (h->user)
+                free(h->user);
+            h->user = strdup(user);
+        }
         h->host = sp + 1;
     }

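Review bot: when the URL being parsed has no `@`, the `if (sp != NULL)` branch is skipped and nothing in this hunk clears `h->user`, so the copy made by `strdup()` for the first URL stays in `h->user` for the request to the redirected location. Now that `h->user` no longer points into the per-URL buffer, consider resetting it before the `strrchr()` (free it and set it to NULL) so that credentials are used only when the URL being parsed carries them. Inside the new block, the `strdup()` result is assigned without a NULL check, and the `if (h->user)` guard is unnecessary because `free(NULL)` is a no-op.
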


More information about the busybox-cvs mailing list