]> granicus.if.org Git - curl/commitdiff
projects / curl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fa48987)
file: output the correct buffer to the user
authorEven Rouault <even.rouault@spatialys.com>
Tue, 1 Aug 2017 15:17:06 +0000 (17:17 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 7 Aug 2017 07:24:30 +0000 (09:24 +0200)
Regression brought by 7c312f84ea930d8 (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery

lib/file.c patch | blob | history

diff --git a/lib/file.c b/lib/file.c
index bd426eac2c4a5bf8e6c317b535de1f54f5edce19..666cbe75be65ff4b3d209aed80ff9275cb7483a9 100644 (file)
--- a/lib/file.c
+++ b/lib/file.c
@@ -501,7 +501,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
              tm->tm_hour,
              tm->tm_min,
              tm->tm_sec);
-    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
     if(!result)
       /* set the file size to make it available post transfer */
       Curl_pgrsSetDownloadSize(data, expected_size);
Unnamed repository; edit this file 'description' to name the repository.