1 From a6ae0fbe9c50733e0f645f5bd16e1db38c592c3d Mon Sep 17 00:00:00 2001
2 From: Daniel Stenberg <daniel@haxx.se>
3 Date: Wed, 31 Jan 2018 08:40:11 +0100
4 Subject: [PATCH] FTP: reject path components with control codes
6 Refuse to operate when given path components featuring byte values lower
9 Previously, inserting a %00 sequence early in the directory part when
10 using the 'singlecwd' ftp method could make curl write a zero byte
11 outside of the allocated buffer.
13 Test case 340 verifies.
16 Reported-by: Duy Phan Thanh
17 Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
19 lib/ftp.c | 8 ++++----
20 tests/data/Makefile.inc | 3 +++
21 tests/data/test340 | 40 ++++++++++++++++++++++++++++++++++++++++
22 3 files changed, 47 insertions(+), 4 deletions(-)
23 create mode 100644 tests/data/test340
27 @@ -3235,7 +3235,7 @@ static CURLcode ftp_done(struct connectd
30 /* get the "raw" path */
31 - result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
32 + result = Curl_urldecode(data, path_to_use, 0, &path, NULL, TRUE);
34 /* We can limp along anyway (and should try to since we may already be in
36 @@ -4241,7 +4241,7 @@ CURLcode ftp_parse_url_path(struct conne
37 result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
38 slash_pos ? dirlen : 1,
45 @@ -4349,7 +4349,7 @@ CURLcode ftp_parse_url_path(struct conne
49 - Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
50 + Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, TRUE);
projects / openwrt / staging / pepe2k.git / blob