diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-01-31 08:40:11 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-03-12 07:47:07 +0100 |
commit | 535432c0adb62fe167ec09621500470b6fa4eb0f (patch) | |
tree | 1f57399b99b215172fe58c051f9bf4180beace05 /docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 | |
parent | d52dc4760f6d9ca1937eefa2093058a952465128 (diff) |
FTP: reject path components with control codes
Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3')
0 files changed, 0 insertions, 0 deletions