From 18acfe813029ae7673d09c8e97bc6e4f1b336bea Mon Sep 17 00:00:00 2001
From: hniksic <devnull@localhost>
Date: Sat, 5 Mar 2005 15:04:05 -0800
Subject: [PATCH] [svn] Fix bogus ".." hosts injecting such components to path.

---
 src/ChangeLog | 5 +++++
 src/url.c     | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 762067f0..f29dd261 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2005-03-05  Hrvoje Niksic  <hniksic@xemacs.org>
+
+	* url.c (url_file_name): Don't allow hosts named ".." to be
+	appended as path elements.
+
 2005-03-03  Hrvoje Niksic  <hniksic@xemacs.org>
 
 	* retr.c (retrieve_url): Escape location header.
diff --git a/src/url.c b/src/url.c
index 7762473f..35399050 100644
--- a/src/url.c
+++ b/src/url.c
@@ -1454,7 +1454,13 @@ url_file_name (const struct url *u)
 	{
 	  if (fnres.tail)
 	    append_char ('/', &fnres);
-	  append_string (u->host, &fnres);
+	  if (0 != strcmp (u->host, ".."))
+	    append_string (u->host, &fnres);
+	  else
+	    /* Host name can come from the network; malicious DNS may
+	       allow ".." to be resolved, causing us to write to
+	       "../<file>".  Defang such host names.  */
+	    append_string ("%2E%2E", &fnres);
 	  if (u->port != scheme_default_port (u->scheme))
 	    {
 	      char portstr[24];
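Review bot: The new guard in the host-append branch matches only the exact string `..`, so any other host value that is unsafe as a directory name still reaches `append_string` unchanged. Whether the URL parser can hand over a host containing a directory separator is not visible in this hunk; if that is not guaranteed, the condition should cover it too, e.g. `if (0 != strcmp (u->host, "..") && !strpbrk (u->host, "/\\"))`, with the else branch encoding or rejecting the whole host instead of substituting the fixed `%2E%2E`. If the parser does guarantee it, state that invariant in the comment, e.g. `/* The URL parser never yields a host containing '/', so ".." is the only traversal case here. */`. The body of url_file_name starts and ends outside the hunk, so any later sanitising of the assembled name cannot be checked from here.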