From c17f57f1fa7d0583795ef7321a819c3fb8677a23 Mon Sep 17 00:00:00 2001 From: micah Date: Sun, 29 Jul 2007 18:22:34 -0700 Subject: [PATCH] [svn] Fix for bug #20296: User:pass@ given in Referer header. --- ChangeLog | 3 ++- NEWS | 3 +++ src/ChangeLog | 9 +++++++++ src/ftp.c | 4 ++-- src/http.c | 6 +++--- src/recur.c | 14 ++++++++++++-- src/url.c | 24 ++++++++++++++---------- src/url.h | 10 +++++++++- 8 files changed, 54 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1b00c34b..2ced0876 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 2007-07-29 Micah Cowan - * NEWS: No more auth before challenge. + * NEWS: No more auth before challenge. No more auth info in + Referer. 2007-07-09 Micah Cowan diff --git a/NEWS b/NEWS index e5f6878d..fe096838 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ Please send GNU Wget bug reports to . * Changes in Wget 1.11. +** Authentication information is no longer sent as part of the Referer +header in recursive fetches. + ** No authentication credentials are sent until a challenge is issued, for improved security. Authentication handling is still not RFC-compliant, as once a Basic challenge has been received, it will diff --git a/src/ChangeLog b/src/ChangeLog index c576f117..85246980 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,12 @@ +2007-07-29 Micah Cowan + + * url.h, url.c (url_string): Replaced bool arg of the url_string + function with enum url_auth_mode, with added option to + completely remove user/pass auth information. + * http.c, ftp.c, url.c, recur.c: Adapted call to url_string + function to fit new usage. + * recur.c (retrieve_tree): Remove auth info from Referer header. + 2007-07-28 Micah Cowan * options.h, init.c, retr.c, main.c: renamed opt maxredirect diff --git a/src/ftp.c b/src/ftp.c index 2e32c1f0..02d1d85c 100644 --- a/src/ftp.c +++ b/src/ftp.c 
@@ -1153,7 +1153,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con) /* Print fetch message, if opt.verbose. */ if (opt.verbose) { - char *hurl = url_string (u, true); + char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD); char tmp[256]; strcpy (tmp, " "); if (count > 1) @@ -1234,7 +1234,7 @@ ftp_loop_internal (struct url *u, struct fileinfo *f, ccon *con) /* Need to hide the password from the URL. The `if' is here so that we don't do the needless allocation every time. */ - char *hurl = url_string (u, true); + char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD); logprintf (LOG_NONVERBOSE, "%s URL: %s [%s] -> \"%s\" [%d]\n", tms, hurl, number_to_static_string (len), locf, count); xfree (hurl); diff --git a/src/http.c b/src/http.c index af024bb9..e6f266a3 100644 --- a/src/http.c +++ b/src/http.c @@ -2359,7 +2359,7 @@ Spider mode enabled. Check if remote file exists.\n")); /* Print fetch message, if opt.verbose. */ if (opt.verbose) { - char *hurl = url_string (u, true); + char *hurl = url_string (u, URL_AUTH_HIDE_PASSWD); if (count > 1) { @@ -2483,7 +2483,7 @@ Spider mode enabled. Check if remote file exists.\n")); if (!opt.verbose) { /* #### Ugly ugly ugly! */ - hurl = url_string (u, true); + hurl = url_string (u, URL_AUTH_HIDE_PASSWD); logprintf (LOG_NONVERBOSE, "%s:\n", hurl); } /* Maybe we should always keep track of broken links, not just in @@ -2492,7 +2492,7 @@ Spider mode enabled. Check if remote file exists.\n")); { /* #### Again: ugly ugly ugly! */ if (!hurl) - hurl = url_string (u, true); + hurl = url_string (u, URL_AUTH_HIDE_PASSWD); nonexisting_url (hurl); logprintf (LOG_NOTQUIET, _("\ Remote file does not exist -- broken link!!!\n")); diff --git a/src/recur.c b/src/recur.c index 53cd39cd..9ecb7d8e 100644 --- a/src/recur.c +++ b/src/recur.c 
@@ -324,8 +324,14 @@ retrieve_tree (const char *start_url) { struct urlpos *child = children; struct url *url_parsed = url_parsed = url_parse (url, NULL); + char *referer_url = url; + bool strip_auth = url_parsed->user; assert (url_parsed != NULL); + /* Strip auth info if present */ + if (strip_auth) + referer_url = url_string (url_parsed, URL_AUTH_HIDE); + for (; child; child = child->next) { if (child->ignore_when_downloading) @@ -336,7 +342,7 @@ retrieve_tree (const char *start_url) blacklist)) { url_enqueue (queue, xstrdup (child->url->url), - xstrdup (url), depth + 1, + xstrdup (referer_url), depth + 1, child->link_expect_html); /* We blacklist the URL we have enqueued, because we don't want to enqueue (and hence download) the @@ -345,6 +351,8 @@ retrieve_tree (const char *start_url) } } + if (strip_auth) + xfree (referer_url); url_free (url_parsed); free_urlpos (children); } @@ -428,7 +436,7 @@ download_child_p (const struct urlpos *upos, struct url *parent, int depth, { if (opt.spider) { - char *referrer = url_string (parent, true); + char *referrer = url_string (parent, URL_AUTH_HIDE_PASSWD); DEBUGP (("download_child_p: parent->url is: `%s'\n", parent->url)); visited_url (url, referrer); xfree (referrer); @@ -628,3 +636,5 @@ descend_redirect_p (const char *redirected, const char *original, int depth, return success; } + +/* vim:set sts=2 sw=2 cino+={s: */ diff --git a/src/url.c b/src/url.c index 650c6347..e95d572f 100644 --- a/src/url.c +++ b/src/url.c @@ -855,7 +855,7 @@ url_parse (const char *url, int *error) /* If we suspect that a transformation has rendered what url_string might return different from URL_ENCODED, rebuild u->url using url_string. */ - u->url = url_string (u, false); + u->url = url_string (u, URL_AUTH_SHOW); if (url_encoded != url) xfree ((char *) url_encoded); 
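Review bot: `bool strip_auth = url_parsed->user;` dereferences url_parsed one line before the `assert (url_parsed != NULL)` that is meant to guard it, so a NULL result from url_parse would fault before the assertion ever reports it. Declare the flag without an initializer, `bool strip_auth;`, and assign it after the check, `strip_auth = (url_parsed->user != NULL);`; the later hunks at 336 and 345 that consume strip_auth and referer_url need no change. Whether url_parse can return NULL for a URL that was already queued is not visible here, but the current order defeats the existing check either way. retrieve_tree starts outside this hunk.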
@@ -1071,7 +1071,7 @@ sync_path (struct url *u) /* Regenerate u->url as well. */ xfree (u->url); - u->url = url_string (u, false); + u->url = url_string (u, URL_AUTH_SHOW); } /* Mutators. Code in ftp.c insists on changing u->dir and u->file. @@ -1814,7 +1814,7 @@ uri_merge (const char *base, const char *link) the URL will be quoted. */ char * -url_string (const struct url *url, bool hide_password) +url_string (const struct url *url, enum url_auth_mode auth_mode) { int size; char *result, *p; @@ -1831,13 +1831,16 @@ url_string (const struct url *url, bool hide_password) /* Make sure the user name and password are quoted. */ if (url->user) { - quoted_user = url_escape_allow_passthrough (url->user); - if (url->passwd) + if (auth_mode != URL_AUTH_HIDE) { - if (hide_password) - quoted_passwd = HIDDEN_PASSWORD; - else - quoted_passwd = url_escape_allow_passthrough (url->passwd); + quoted_user = url_escape_allow_passthrough (url->user); + if (url->passwd) + { + if (auth_mode = URL_AUTH_HIDE_PASSWD) + quoted_passwd = HIDDEN_PASSWORD; + else + quoted_passwd = url_escape_allow_passthrough (url->passwd); + } } } @@ -1899,7 +1902,8 @@ url_string (const struct url *url, bool hide_password) if (quoted_user && quoted_user != url->user) xfree (quoted_user); - if (quoted_passwd && !hide_password && quoted_passwd != url->passwd) + if (quoted_passwd && auth_mode == URL_AUTH_SHOW + && quoted_passwd != url->passwd) xfree (quoted_passwd); if (quoted_host != url->host) xfree (quoted_host); diff --git a/src/url.h b/src/url.h index f4b6b7e1..80e3e3c1 100644 --- a/src/url.h +++ b/src/url.h 
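Review bot: In the `@@ -1831` hunk, `if (auth_mode = URL_AUTH_HIDE_PASSWD)` assigns rather than compares, so every mode other than URL_AUTH_HIDE takes the masked branch: the URL_AUTH_SHOW callers introduced in url_parse and sync_path would store HIDDEN_PASSWORD in u->url instead of the real password, and the cleanup in the `@@ -1899` hunk then tests the overwritten auth_mode rather than the caller's. The fix is `if (auth_mode == URL_AUTH_HIDE_PASSWD)`; -Wparentheses (included in -Wall) reports this pattern. The comment above url_string, whose tail is visible in the `@@ -1814` hunk, presumably still describes the old bool parameter and should describe the three modes instead — confirm, as its head is outside the hunk.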
@@ -34,6 +34,14 @@ so, delete this exception statement from your version. */ #define DEFAULT_FTP_PORT 21 #define DEFAULT_HTTPS_PORT 443 +/* Specifies how, or whether, user auth information should be included + * in URLs regenerated from URL parse structures. */ +enum url_auth_mode { + URL_AUTH_SHOW, + URL_AUTH_HIDE_PASSWD, + URL_AUTH_HIDE +}; + /* Note: the ordering here is related to the order of elements in `supported_schemes' in url.c. */ @@ -86,7 +94,7 @@ bool url_has_scheme (const char *); int scheme_default_port (enum url_scheme); void scheme_disable (enum url_scheme); -char *url_string (const struct url *, bool); +char *url_string (const struct url *, enum url_auth_mode); char *url_file_name (const struct url *); char *uri_merge (const char *, const char *);
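Review bot: The enumerators of url_auth_mode carry no individual documentation, and the header comment only says that auth information is included "how, or whether". Since callers in ftp.c, http.c, recur.c and url.c now choose among three values, add a comment per value matching what url_string does with it: `URL_AUTH_SHOW, /* user and password emitted as given */`, `URL_AUTH_HIDE_PASSWD, /* user emitted, password replaced by HIDDEN_PASSWORD */`, `URL_AUTH_HIDE /* neither user nor password emitted */`.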