]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d52dc47) | patch
FTP: reject path components with control codes
authorDaniel Stenberg <daniel@haxx.se>
Wed, 31 Jan 2018 07:40:11 +0000 (08:40 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 12 Mar 2018 06:47:07 +0000 (07:47 +0100)
commit535432c0adb62fe167ec09621500470b6fa4eb0f
tree1f57399b99b215172fe58c051f9bf4180beace05tree | snapshot
parentd52dc4760f6d9ca1937eefa2093058a952465128commit | diff
FTP: reject path components with control codes

Refuse to operate when given path components featuring byte values lower
than 32.

Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.

Test case 340 verifies.

CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
lib/ftp.c diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test340 [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.