diff options
author | Daniel Stenberg <daniel@haxx.se> | 2017-11-10 08:52:45 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-11-27 08:19:34 +0100 |
commit | 0b664ba968437715819bfe4c7ada5679d16ebbc3 (patch) | |
tree | dc93d3b1c104f43a54b703bb69a71621c658cff8 /tests/data/test1163 | |
parent | 9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400 (diff) |
wildcardmatch: fix heap buffer overflow in setcharset
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817
Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
Diffstat (limited to 'tests/data/test1163')
-rw-r--r-- | tests/data/test1163 | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/tests/data/test1163 b/tests/data/test1163 new file mode 100644 index 000000000..a109b511b --- /dev/null +++ b/tests/data/test1163 @@ -0,0 +1,52 @@ +<testcase> +<info> +<keywords> +FTP +RETR +LIST +wildcardmatch +ftplistparser +flaky +</keywords> +</info> + +# +# Server-side +<reply> +<data> +</data> +</reply> + +# Client-side +<client> +<server> +ftp +</server> +<tool> +lib576 +</tool> +<name> +FTP wildcard with pattern ending with an open-bracket +</name> +<command> +"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/*[][" +</command> +</client> +<verify> +<protocol> +USER anonymous
+PASS ftp@example.com
+PWD
+CWD fully_simulated
+CWD DOS
+EPSV
+TYPE A
+LIST
+QUIT
+</protocol> +# 78 == CURLE_REMOTE_FILE_NOT_FOUND +<errorcode> +78 +</errorcode> +</verify> +</testcase> |