]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 440dbcb) | patch
FTP: zero terminate the entry path even on bad input
authorDaniel Stenberg <daniel@haxx.se>
Sun, 24 Sep 2017 22:35:22 +0000 (00:35 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 2 Oct 2017 05:50:17 +0000 (07:50 +0200)
commit5ff2c5ff25750aba1a8f64fbcad8e5b891512584
tree25b6f46b52aa7271bb3255aa0907e968b024f0cetree | snapshot
parent440dbcb06e8dedba1551e32046a9415adb82eb0bcommit | diff
FTP: zero terminate the entry path even on bad input

... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
lib/ftp.c diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test1152 [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.