mirror of
https://github.com/curl/curl.git
synced 2024-11-21 01:16:58 +08:00
5ff2c5ff25
... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
62 lines
1.2 KiB
Plaintext
62 lines
1.2 KiB
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
FTP
|
|
PASV
|
|
LIST
|
|
</keywords>
|
|
</info>
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<servercmd>
|
|
REPLY PWD 257 "just one
|
|
</servercmd>
|
|
|
|
# When doing LIST, we get the default list output hard-coded in the test
|
|
# FTP server
|
|
<data mode="text">
|
|
total 20
|
|
drwxr-xr-x 8 98 98 512 Oct 22 13:06 .
|
|
drwxr-xr-x 8 98 98 512 Oct 22 13:06 ..
|
|
drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases
|
|
-r--r--r-- 1 0 1 35 Jul 16 1996 README
|
|
lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin
|
|
dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev
|
|
drwxrwxrwx 2 98 98 512 May 29 16:04 download.html
|
|
dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc
|
|
drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub
|
|
dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
ftp
|
|
</server>
|
|
<name>
|
|
FTP with uneven quote in PWD response
|
|
</name>
|
|
<command>
|
|
ftp://%HOSTIP:%FTPPORT/test-1152/
|
|
</command>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
USER anonymous
|
|
PASS ftp@example.com
|
|
PWD
|
|
CWD test-1152
|
|
EPSV
|
|
TYPE A
|
|
LIST
|
|
QUIT
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|