mirror of
https://github.com/curl/curl.git
synced 2024-12-09 06:30:06 +08:00
0b664ba968
The code would previous read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 CVE-2017-8817 Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
53 lines
582 B
Plaintext
53 lines
582 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
FTP
|
|
RETR
|
|
LIST
|
|
wildcardmatch
|
|
ftplistparser
|
|
flaky
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
</data>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
ftp
|
|
</server>
|
|
<tool>
|
|
lib576
|
|
</tool>
|
|
<name>
|
|
FTP wildcard with pattern ending with an open-bracket
|
|
</name>
|
|
<command>
|
|
"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/*[]["
|
|
</command>
|
|
</client>
|
|
<verify>
|
|
<protocol>
|
|
USER anonymous
|
|
PASS ftp@example.com
|
|
PWD
|
|
CWD fully_simulated
|
|
CWD DOS
|
|
EPSV
|
|
TYPE A
|
|
LIST
|
|
QUIT
|
|
</protocol>
|
|
# 78 == CURLE_REMOTE_FILE_NOT_FOUND
|
|
<errorcode>
|
|
78
|
|
</errorcode>
|
|
</verify>
|
|
</testcase>
|