curl/tests/data/test1152
Daniel Stenberg 5ff2c5ff25
FTP: zero terminate the entry path even on bad input
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
2017-10-02 07:50:17 +02:00

62 lines
1.2 KiB
Plaintext

<testcase>
<info>
<keywords>
FTP
PASV
LIST
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
REPLY PWD 257 "just one
</servercmd>
# When doing LIST, we get the default list output hard-coded in the test
# FTP server
<data mode="text">
total 20
drwxr-xr-x 8 98 98 512 Oct 22 13:06 .
drwxr-xr-x 8 98 98 512 Oct 22 13:06 ..
drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases
-r--r--r-- 1 0 1 35 Jul 16 1996 README
lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin
dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev
drwxrwxrwx 2 98 98 512 May 29 16:04 download.html
dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc
drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub
dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr
</data>
</reply>
#
# Client-side
<client>
<server>
ftp
</server>
<name>
FTP with uneven quote in PWD response
</name>
<command>
ftp://%HOSTIP:%FTPPORT/test-1152/
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
USER anonymous
PASS ftp@example.com
PWD
CWD test-1152
EPSV
TYPE A
LIST
QUIT
</protocol>
</verify>
</testcase>