1 From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
2 From: Dan Fandrich <dan@coneharvesters.com>
3 Date: Sat, 11 Mar 2017 10:59:34 +0100
4 Subject: [PATCH] CVE-2017-7407: fixed
6 Bug: https://curl.haxx.se/docs/adv_20170403.html
8 Reported-by: Brian Carpenter
10 src/tool_writeout.c | 6 +++---
11 tests/data/Makefile.inc | 2 +-
12 tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
13 tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
14 tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
15 5 files changed, 101 insertions(+), 4 deletions(-)
16 create mode 100644 tests/data/test1440
17 create mode 100644 tests/data/test1441
18 create mode 100644 tests/data/test1442
20 --- a/src/tool_writeout.c
21 +++ b/src/tool_writeout.c
23 * | (__| |_| | _ <| |___
24 * \___|\___/|_| \_\_____|
26 - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
27 + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
29 * This software is licensed as described in the file COPYING, which
30 * you should have received as part of this distribution. The terms
31 @@ -113,7 +113,7 @@ void ourWriteOut(CURL *curl, struct OutS
36 + if('%' == *ptr && ptr[1]) {
38 /* an escaped %-letter */
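Review bot: The new `&& ptr[1]` guard on the `'%'` test has no comment, so a later reader cannot tell that it stops the parser from treating the terminating NUL after a trailing `%` as a specifier byte and then advancing past the end of the string. I would add `/* a lone '%' at the end of the string has nothing after it to consume; never step over the terminating NUL */` above the condition. The `'\\' == *ptr && ptr[1]` guard in the second ourWriteOut hunk (`@@ -341,7 +341,7 @@`) needs the same kind of comment. The branch that handles the character when either guard fails is not in the visible lines, so it is worth confirming that it advances `ptr` by exactly one. ourWriteOut's body starts and ends outside both hunks.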
40 @@ -341,7 +341,7 @@ void ourWriteOut(CURL *curl, struct OutS
44 - else if('\\' == *ptr) {
45 + else if('\\' == *ptr && ptr[1]) {
49 --- a/tests/data/Makefile.inc
50 +++ b/tests/data/Makefile.inc
51 @@ -150,7 +150,7 @@ test1408 test1409 test1410 test1411 test
52 test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
54 test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
55 -test1436 test1437 test1438 test1439 \
56 +test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
58 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
59 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
61 +++ b/tests/data/test1440
80 +Check --write-out with trailing %{
83 +file://localhost/%PWD/log/ --write-out '%{'
89 +<stdout nonewline="yes">
95 +++ b/tests/data/test1441
114 +Check --write-out with trailing %
117 +file://localhost/%PWD/log/ --write-out '%'
123 +<stdout nonewline="yes">
129 +++ b/tests/data/test1442
149 +Check --write-out with trailing \
152 +file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
161 +<stdout nonewline="yes">