1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 23:15:08 -05:00
curl/tests/data/test1163
Daniel Stenberg 0b664ba968
wildcardmatch: fix heap buffer overflow in setcharset
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
2017-11-27 08:19:34 +01:00

53 lines
582 B
Plaintext

<testcase>
<info>
<keywords>
FTP
RETR
LIST
wildcardmatch
ftplistparser
flaky
</keywords>
</info>
#
# Server-side
<reply>
<data>
</data>
</reply>
# Client-side
<client>
<server>
ftp
</server>
<tool>
lib576
</tool>
<name>
FTP wildcard with pattern ending with an open-bracket
</name>
<command>
"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/*[]["
</command>
</client>
<verify>
<protocol>
USER anonymous
PASS ftp@example.com
PWD
CWD fully_simulated
CWD DOS
EPSV
TYPE A
LIST
QUIT
</protocol>
# 78 == CURLE_REMOTE_FILE_NOT_FOUND
<errorcode>
78
</errorcode>
</verify>
</testcase>