From 2d404628d8883e8780d509c41c83f847ec68bdc0 Mon Sep 17 00:00:00 2001 From: Guido van Rooij Date: Mon, 17 Nov 1997 19:29:16 +0000 Subject: [PATCH] Make sure you do not get unexpected surprises whena remote file starts with '|'. Reviewed by: Joerg Wunsch --- usr.bin/ftp/cmds.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/usr.bin/ftp/cmds.c b/usr.bin/ftp/cmds.c index 223255300fd8..ac77f4b8dd19 100644 --- a/usr.bin/ftp/cmds.c +++ b/usr.bin/ftp/cmds.c @@ -1,4 +1,4 @@ -/* $Id: cmds.c,v 1.8 1997/06/27 09:30:01 ache Exp $ */ +/* $Id: cmds.c,v 1.9 1997/06/27 10:21:22 ache Exp $ */ /* $NetBSD: cmds.c,v 1.24 1997/05/17 19:44:36 pk Exp $ */ /* @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)cmds.c 8.6 (Berkeley) 10/9/94"; #else -static char rcsid[] = "$Id: cmds.c,v 1.8 1997/06/27 09:30:01 ache Exp $"; +static char rcsid[] = "$Id: cmds.c,v 1.9 1997/06/27 10:21:22 ache Exp $"; #endif #endif /* not lint */ @@ -457,6 +457,10 @@ getit(argc, argv, restartit, mode) if (argc == 2) { argc++; argv[2] = argv[1]; + if (*argv[1] == '|' && !another(&argc, &argv, "(Warning: remote file starts with '|') local-file")) { + code = -1; + return (0); + } loc++; } if (argc < 2 && !another(&argc, &argv, "remote-file")) @@ -578,6 +582,13 @@ mget(argc, argv) mflag = 0; continue; } + if (!interactive && *cp == '|') { + printf("skipping %s for security reasons\n", cp); + sleep(2); + continue; + } else if (*cp == '|') { + printf("Note: next file starts with '|', which runs it through a pipe\n"); + } if (mflag && confirm(argv[0], cp)) { tp = cp; if (mcase) {