When uclient-fetch is called with multiple URL's, it derives the
first filename from the URL. It then sets the global output_file
variable, causing a use-after-free bug on an attempt to use it as output
file for the next file.
Fix this by avoiding the overwrite entirely by only setting a local
variable
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
static bool proxy = true;
static bool default_certs = false;
static bool no_output;
-static const char *output_file;
+static const char *opt_output_file;
static int output_fd = -1;
static int error_ret;
static off_t out_offset;
static int open_output_file(const char *path, uint64_t resume_offset)
{
+ const char *output_file = opt_output_file;
char *filename = NULL;
int flags;
int ret;
return;
}
- if (output_fd >= 0 && !output_file) {
+ if (output_fd >= 0 && !opt_output_file) {
close(output_fd);
output_fd = -1;
}
user_agent = optarg;
break;
case 'O':
- output_file = optarg;
+ opt_output_file = optarg;
break;
case 'P':
if (chdir(optarg)) {