diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-01-31 08:40:11 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-03-12 07:47:07 +0100 |
commit | 535432c0adb62fe167ec09621500470b6fa4eb0f (patch) | |
tree | 1f57399b99b215172fe58c051f9bf4180beace05 /tests | |
parent | d52dc4760f6d9ca1937eefa2093058a952465128 (diff) |
FTP: reject path components with control codes
Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
Diffstat (limited to 'tests')
-rw-r--r-- | tests/data/Makefile.inc | 3 | ||||
-rw-r--r-- | tests/data/test340 | 40 |
2 files changed, 43 insertions, 0 deletions
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 7a989867d..97daf00ce 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -57,6 +57,9 @@ test298 test299 test300 test301 test302 test303 test304 test305 test306 \ test307 test308 test309 test310 test311 test312 test313 test314 test315 \ test316 test317 test318 test319 test320 test321 test322 test323 test324 \ test325 test326 \ +\ +test340 \ +\ test350 test351 test352 test353 test354 \ test393 test394 test395 \ \ diff --git a/tests/data/test340 b/tests/data/test340 new file mode 100644 index 000000000..d834d767c --- /dev/null +++ b/tests/data/test340 @@ -0,0 +1,40 @@ +<testcase> +<info> +<keywords> +FTP +PASV +CWD +--ftp-method +singlecwd +</keywords> +</info> +# +# Server-side +<reply> +</reply> + +# Client-side +<client> +<server> +ftp +</server> + <name> +FTP using %00 in path with singlecwd + </name> + <command> +--ftp-method singlecwd ftp://%HOSTIP:%FTPPORT/%00first/second/third/340 +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<protocol> +USER anonymous
+PASS ftp@example.com
+PWD
+</protocol> +<errorcode> +3 +</errorcode> +</verify> +</testcase> |