[w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients

* file.c (guess_save_name): pass guess_filename
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>

ChangeLog

@@ -1,3 +1,8 @@
+2002-12-13  Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
+
+	* [w3m-dev 03563] Directory Traversal Vulnerabilities in FTP Clients
+	* file.c (guess_save_name): pass guess_filename
+
 2002-12-13  Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
 
 	* [w3m-dev 03562] #undef BUFINFO
@@ -5746,4 +5751,4 @@ a	* [w3m-dev 03276] compile error on EWS4800
 	* release-0-2-1
 	* import w3m-0.2.1
 
-$Id: ChangeLog,v 1.614 2002/12/12 23:55:30 ukai Exp $
+$Id: ChangeLog,v 1.615 2002/12/13 00:09:50 ukai Exp $

file.c

@@ -1,4 +1,4 @@
-/* $Id: file.c,v 1.158 2002/12/10 15:36:10 ukai Exp $ */
+/* $Id: file.c,v 1.159 2002/12/13 00:09:50 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include "myctype.h"
@@ -7832,16 +7832,14 @@ guess_save_name(Buffer *buf, char *path)
 	char *p, *q;
 	if ((p = checkHeader(buf, "Content-Disposition:")) != NULL &&
 	    (q = strcasestr(p, "filename")) != NULL &&
-	    (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
-	    if (matchattr(q, "filename", 8, &name))
-		return name->ptr;
-	}
-	if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
+	    (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+	    matchattr(q, "filename", 8, &name))
+	    path = name->ptr;
+	else if ((p = checkHeader(buf, "Content-Type:")) != NULL &&
 	    (q = strcasestr(p, "name")) != NULL &&
-	    (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';')) {
-	    if (matchattr(q, "name", 4, &name))
-		return name->ptr;
-	}
+	    (q == p || IS_SPACE(*(q - 1)) || *(q - 1) == ';') &&
+	    matchattr(q, "name", 4, &name))
+	    path = name->ptr;
     }
     return guess_filename(path);
 }