[PATCH] wget: removed pointless free, fixes bug accessing freed memory

Denys Vlasenko vda.linux at googlemail.com
Sun Mar 20 23:30:31 UTC 2011 

On Sunday 20 March 2011 22:32, gotrunks at gmail.com wrote:
> On Sun, Mar 20, 2011 at 10:29 PM, Cristian Ionescu-Idbohrn
> <cristian.ionescu-idbohrn at axis.com> wrote:
> > On Sun, 20 Mar 2011, gotrunks at gmail.com wrote:
> >> On Sun, Mar 20, 2011 at 4:21 PM, Denys Vlasenko
> >> <vda.linux at googlemail.com> wrote:
> >> > On Tuesday 15 March 2011 03:07, gotrunks at gmail.com wrote:
> >> >> Hi,
> >> >>
> >> >> I have just noticed a recent wget bug. Busybox wget doesn't parse the
> >> >> URL correctly in some circumstances; long guessed output filenames &&
> >> >> HTTP redirection.
> >> >>
> >> >> e.g.
> >> >> $./busybox wget
> >> >> http://cdimage.debian.org/debian-cd/6.0.0/kfreebsd-i386/iso-cd/debian-6.0.0-kfreebsd-i386-CD-1.iso
> >> >> Connecting to cdimage.debian.org (130.239.18.173:80)
> >> >> Connecting to hammurabi.acc.umu.se (130.239.18.165:80)
> >> >> wget: can't open '': No such file or directory
> >> >
> >> > Can't reproduce. What causes this on your machine?
> >> >
> >> >
> >>
> >> Like Cristian says, now there's a 404 error. Debian 6.0.1 was released
> >> yesterday... the return was:
> >> wget: can't open '': No such file or directory
> >> wget tried to output to "".
> >>
> >> If I try with other url (current iso of debian), wget tries to output to:
> >> ebian-6.0.1-kfreebsd-i386-CD-1.iso (first letter of filename is missing)
> >>
> >> ./busybox wget http://cdimage.debian.org/debian-cd/6.0.1/kfreebsd-i386/iso-cd/debian-6.0.1-kfreebsd-i386-CD-1.iso
> >> Connecting to cdimage.debian.org (130.239.18.163:80)
> >> Connecting to caesar.acc.umu.se (130.239.18.142:80)
> >> ebian-6.0.1-kfreebsd   1% |                            |  7769k  1:34:38 ETA
> >> ^----------------------------- d is missing
> >
> > I can confirm that.
> >
> 
> Yes, problems only happen without -O

Fixed in git:

diff -ad -urpN busybox.5/networking/wget.c busybox.6/networking/wget.c
--- busybox.5/networking/wget.c	2011-03-07 03:05:46.000000000 +0100
+++ busybox.6/networking/wget.c	2011-03-20 23:52:17.000000000 +0100
@@ -604,8 +604,14 @@ static void download_one_url(const char 
 		if (G.fname_out[0] == '/' || !G.fname_out[0])
 			G.fname_out = (char*)"index.html";
 		/* -P DIR is considered only if there was no -O FILE */
-		if (G.dir_prefix)
-			G.fname_out = fname_out_alloc = concat_path_file(G.dir_prefix, G.fname_out);
+		else {
+			if (G.dir_prefix)
+				G.fname_out = fname_out_alloc = concat_path_file(G.dir_prefix, G.fname_out);
+			else {
+				/* redirects may free target.path later, need to make a copy */
+				G.fname_out = fname_out_alloc = xstrdup(G.fname_out);
+			}
+		}
 	}
 #if ENABLE_FEATURE_WGET_STATUSBAR
 	G.curfile = bb_get_last_path_component_nostrip(G.fname_out);

-- 
vda

More information about the busybox mailing list