From 0646b68da4119e3ad80289e80f470e75576debdc Mon Sep 17 00:00:00 2001
From: Tomas Hozza
Date: Dec 08 2017 16:09:00 +0000
Subject: Fix segfault when calling strchr in http.c (#1511562)
Signed-off-by: Tomas Hozza
---
diff --git a/wget-1.19.2-fix-segfault-in-http-c.patch b/wget-1.19.2-fix-segfault-in-http-c.patch
new file mode 100644
index 0000000..5429020
--- /dev/null
+++ b/wget-1.19.2-fix-segfault-in-http-c.patch
@@ -0,0 +1,46 @@
+diff --git a/src/http.c b/src/http.c
+index dc31823..47de828 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -3712,22 +3712,30 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ && opt.compression != compression_none)
+ {
+ /* Make sure the Content-Type is not gzip before decompressing */
+- const char * p = strchr (type, '/');
+- if (p == NULL)
+- {
+- hs->remote_encoding = ENC_GZIP;
+- hs->local_encoding = ENC_NONE;
+- }
+- else
++ if (type)
+ {
+- p++;
+- if (c_tolower(p[0]) == 'x' && p[1] == '-')
+- p += 2;
+- if (0 != c_strcasecmp (p, "gzip"))
++ const char * p = strchr (type, '/');
++ if (p == NULL)
+ {
+ hs->remote_encoding = ENC_GZIP;
+ hs->local_encoding = ENC_NONE;
+ }
++ else
++ {
++ p++;
++ if (c_tolower(p[0]) == 'x' && p[1] == '-')
++ p += 2;
++ if (0 != c_strcasecmp (p, "gzip"))
++ {
++ hs->remote_encoding = ENC_GZIP;
++ hs->local_encoding = ENC_NONE;
++ }
++ }
++ }
++ else
++ {
++ hs->remote_encoding = ENC_GZIP;
++ hs->local_encoding = ENC_NONE;
+ }
+ }
+ #endif
diff --git a/wget.spec b/wget.spec
index 6a84e33..75e5d1a 100644
--- a/wget.spec
+++ b/wget.spec
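Review bot: In the http.c hunk carried by wget-1.19.2-fix-segfault-in-http-c.patch, the new `if (type)` wrapper repeats the pair `hs->remote_encoding = ENC_GZIP; hs->local_encoding = ENC_NONE;` in three branches, so a later edit to this decompression decision can update one copy and miss another. The same NULL guard fits in one line, `const char * p = type ? strchr (type, '/') : NULL;`, which leaves the original `if (p == NULL) ... else ...` untouched and sends a NULL `type` through the existing no-slash branch. If the backport should stay identical to the upstream commit referenced in wget.spec, a comment above `if (type)` such as `/* type may be NULL here, presumably when the response carries no Content-Type header */` would record why the check exists; where `type` is assigned is not visible in the hunk, so that reading is inferred. The enclosing block of gethttp starts and ends outside the hunk.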
@@ -1,13 +1,15 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.19.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
 Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
 Patch1: wget-1.17-path.patch
+# http://git.savannah.gnu.org/cgit/wget.git/commit/?id=973c26ed7d51052a7b6e120ed1b84e47266667e1
+Patch2: wget-1.19.2-fix-segfault-in-http-c.patch
 Provides: webclient
 Provides: bundled(gnulib)
@@ -35,6 +37,7 @@ sed -i "s|\(PACKAGE_STRING='wget .*\)'|\1 (Red Hat modified)'|" configure
 grep "PACKAGE_STRING='wget .* (Red Hat modified)'" configure || exit 1
 %patch1 -p1 -b .path
+%patch2 -p1 -b .http_segfault
 %build
 %configure \
@@ -81,6 +84,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 %changelog
+* Fri Dec 08 2017 Tomas Hozza - 1.19.2-2
+- Fix segfault when calling strchr in http.c (#1511562)
+
 * Fri Oct 27 2017 Tomas Hozza - 1.19.2-1
 - Update to latest upstream version due to CVE-2017-13089 CVE-2017-13090