File wget-CVE-2016-7098.patch of Package wget.37320
Index: wget-1.14/src/http.c
===================================================================
--- wget-1.14.orig/src/http.c
+++ wget-1.14/src/http.c
@@ -39,6 +39,7 @@ as that of the covered work. */
#include <errno.h>
#include <time.h>
#include <locale.h>
+#include <fcntl.h>
#include "hash.h"
#include "http.h"
@@ -1459,6 +1460,7 @@ struct http_stat
wgint orig_file_size; /* size of file to compare for time-stamping */
time_t orig_file_tstamp; /* time-stamp of file to compare for
* time-stamping */
+ bool temporary; /* downloading a temporary file */
};
static void
@@ -2453,6 +2455,15 @@ read_header:
}
}
+ hs->temporary = opt.delete_after || opt.spider || !acceptable (hs->local_file);
+ if (hs->temporary)
+ {
+ char *tmp = NULL;
+ asprintf (&tmp, "%s.tmp", hs->local_file);
+ xfree (hs->local_file);
+ hs->local_file = tmp;
+ }
+
/* TODO: perform this check only once. */
if (!hs->existence_checked && file_exists_p (hs->local_file))
{
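Review bot: The return value of `asprintf` is ignored in the added block, so on allocation failure `tmp` is NULL or indeterminate, yet it still replaces `hs->local_file` and reaches `file_exists_p` on the next lines. The call should be checked, for example `if (asprintf (&tmp, "%s.tmp", hs->local_file) < 0)`, and should take the function's existing error return, which lies outside this hunk. Falling back to the original name would put the rejected file back under its real name, so an abort-on-failure allocator from the project, if this tree has one, would also fit. A short comment above the block would help, for example `/* Rejected, spider and delete-after downloads are written under a ".tmp" name so the file never exists under its requested name. */`.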
@@ -2861,7 +2872,11 @@ read_header:
open_id = 22;
fp = fopen (hs->local_file, "wb", FOPEN_OPT_ARGS);
#else /* def __VMS */
- fp = fopen (hs->local_file, "wb");
+ if (hs->temporary)
+ fp = fdopen (open (hs->local_file, O_BINARY | O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR), "wb");
+ else
+ fp = fopen (hs->local_file, "wb");
+
#endif /* def __VMS [else] */
}
else
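Review bot: In the `hs->temporary` branch the result of `open` goes straight into `fdopen`, so a failed `open` turns into `fdopen (-1, ...)` and the real `errno` is replaced by EBADF, and a failed `fdopen` after a successful `open` leaks the descriptor. The `S_IRUSR | S_IWUSR` mode applies only when the file is created. With `O_CREAT | O_TRUNC` and no `O_EXCL`, a `.tmp` file that already exists keeps its looser permissions, and a symlink at that path is followed and truncated. Whether `O_EXCL` can be used depends on how the existence check and the clobber options outside this hunk treat the `.tmp` name, so confirm that before adopting the sketch below. The surrounding `if`/`else` starts and ends outside the hunk.

```c
/* ... unchanged: __VMS fopen branch ... */
      if (hs->temporary)
        {
          /* Create the temporary file ourselves with owner-only permissions;
             O_EXCL refuses a pre-existing file or symlink at this name. */
          int fd = open (hs->local_file,
                         O_BINARY | O_CREAT | O_EXCL | O_WRONLY,
                         S_IRUSR | S_IWUSR);
          fp = fd < 0 ? NULL : fdopen (fd, "wb");
          if (fd >= 0 && !fp)
            close (fd);
        }
      else
        fp = fopen (hs->local_file, "wb");
```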