Diffstat (limited to 'external/curl/CVE-2017-1000254.patch')
-rw-r--r-- | external/curl/CVE-2017-1000254.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/external/curl/CVE-2017-1000254.patch b/external/curl/CVE-2017-1000254.patch
deleted file mode 100644
index 2e2af20f7258..000000000000
--- a/external/curl/CVE-2017-1000254.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 29b251362e1839d7094993edbed8f9467069773f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 25 Sep 2017 00:35:22 +0200
-Subject: [PATCH] FTP: zero terminate the entry path even on bad input
-
-... a single double quote could leave the entry path buffer without a zero
-terminating byte. CVE-2017-1000254
-
-Test 1152 added to verify.
-
-Reported-by: Max Dymond
-Bug: https://curl.haxx.se/docs/adv_20171004.html
----
- lib/ftp.c | 7 ++++--
- tests/data/Makefile.inc | 1 +
- tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 67 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1152
-
-diff -urN curl.org/lib/ftp.c curl/lib/ftp.c
---- curl.org/lib/ftp.c 2016-12-19 09:15:11.000000000 +0100
-+++ curl/lib/ftp.c 2018-09-10 05:52:32.148633155 +0200
-@@ -2825,6 +2825,7 @@
- char *ptr=&data->state.buffer[4]; /* start on the first letter */
- char *dir;
- char *store;
-+ bool entry_extracted = FALSE;
-
- dir = malloc(nread + 1);
- if(!dir)
-@@ -2856,7 +2857,7 @@
- }
- else {
- /* end of path */
-- *store = '\0'; /* zero terminate */
-+ entry_extracted = TRUE;
- break; /* get out of this loop */
- }
- }
-@@ -2865,7 +2866,9 @@
- store++;
- ptr++;
- }
--
-+ *store = '\0'; /* zero terminate */
-+ }
-+ if(entry_extracted) {
- /* If the path name does not look like an absolute path (i.e.: it
- does not start with a '/'), we probably need some server-dependent
- adjustments. For example, this is the case when connecting to |