File wget-cookie-injection-CVE-2018-0494.patch of Package wget.7500

Index: wget-1.11.4/src/http.c
===================================================================
--- wget-1.11.4.orig/src/http.c
+++ wget-1.11.4/src/http.c
@@ -581,9 +581,9 @@ struct response {
    resp_header_*.  */
 
 static struct response *
-resp_new (const char *head)
+resp_new (char *head)
 {
-  const char *hdr;
+  char *hdr;
   int count, size;
 
   struct response *resp = xnew0 (struct response);
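Review bot: Dropping `const` from `head` changes resp_new's contract, but nothing in the visible comment above the function tells callers that the buffer is now modified. The second hunk overwrites the CR/LF of folded header lines inside `head`, so the buffer must be writable and any caller that later reuses the raw header text will see the rewritten bytes. I would add to the function's header comment something like `HEAD is modified in place: line breaks inside folded (continuation) headers are replaced with spaces, so it must point to writable memory.` The callers are outside this hunk, so it is worth confirming that none of them passes read-only storage.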
@@ -612,15 +612,23 @@ resp_new (const char *head)
         break;
 
       /* Find the end of HDR, including continuations. */
-      do
+      for (;;)
         {
-          const char *end = strchr (hdr, '\n');
+          char *end = strchr (hdr, '\n');
+
           if (end)
             hdr = end + 1;
           else
             hdr += strlen (hdr);
+
+	  if (*hdr != ' ' && *hdr != '\t')
+	    break;
+
+	  // continuation, transform \r and \n into spaces
+	  *end = ' ';
+	  if (end > head && end[-1] == '\r')
+	    end[-1] = ' ';
         }
-      while (*hdr == ' ' || *hdr == '\t');
     }
   DO_REALLOC (resp->headers, size, count + 1, const char *);
   resp->headers[count] = NULL;
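Review bot: The store `*end = ' ';` is safe only because of an invariant the code never states: when strchr() returns NULL, `hdr` is advanced to the terminating NUL, so the `*hdr != ' ' && *hdr != '\t'` test breaks out before `end` is dereferenced. That is easy to break in a later edit of the loop, so I would record it next to the write, e.g. `/* END is non-NULL here: a NULL END leaves HDR at '\0', which breaks above. */`. As a style point, the added lines use a `//` comment and tab indentation while the surrounding code uses `/* */` and spaces; `/* Continuation: turn the CR and LF into spaces. */` would match the file. The enclosing loop and resp_new itself start outside this hunk.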