mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
535432c0ad
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
41 lines
493 B
Plaintext
41 lines
493 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
FTP
|
|
PASV
|
|
CWD
|
|
--ftp-method
|
|
singlecwd
|
|
</keywords>
|
|
</info>
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
ftp
|
|
</server>
|
|
<name>
|
|
FTP using %00 in path with singlecwd
|
|
</name>
|
|
<command>
|
|
--ftp-method singlecwd ftp://%HOSTIP:%FTPPORT/%00first/second/third/340
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
USER anonymous
|
|
PASS ftp@example.com
|
|
PWD
|
|
</protocol>
|
|
<errorcode>
|
|
3
|
|
</errorcode>
|
|
</verify>
|
|
</testcase>
|