]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9b5e12a) | patch
wildcardmatch: fix heap buffer overflow in setcharset
authorDaniel Stenberg <daniel@haxx.se>
Fri, 10 Nov 2017 07:52:45 +0000 (08:52 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 27 Nov 2017 07:19:34 +0000 (08:19 +0100)
commit0b664ba968437715819bfe4c7ada5679d16ebbc3
treedc93d3b1c104f43a54b703bb69a71621c658cff8tree | snapshot
parent9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400commit | diff
wildcardmatch: fix heap buffer overflow in setcharset

The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
lib/curl_fnmatch.c diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test1163 [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.