moparisthebest/curl - curl - code.moparisthebest.com

moparisthebest/curl

Fork 0

mirror of https://github.com/moparisthebest/curl synced 2024-11-05 09:05:04 -05:00

Commit Graph

Author	SHA1	Message	Date
Daniel Stenberg	535432c0ad	FTP: reject path components with control codes Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html	2018-03-12 07:47:07 +01:00

Author

SHA1

Message

Date

Daniel Stenberg

535432c0ad

FTP: reject path components with control codes

Refuse to operate when given path components featuring byte values lower
than 32.

Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.

Test case 340 verifies.

CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html

2018-03-12 07:47:07 +01:00

1 Commits