aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-01-31 08:40:11 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-03-12 07:47:07 +0100
commit535432c0adb62fe167ec09621500470b6fa4eb0f (patch)
tree1f57399b99b215172fe58c051f9bf4180beace05 /docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3
parentd52dc4760f6d9ca1937eefa2093058a952465128 (diff)
FTP: reject path components with control codes
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3')
0 files changed, 0 insertions, 0 deletions