From 0b664ba968437715819bfe4c7ada5679d16ebbc3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Fri, 10 Nov 2017 08:52:45 +0100
Subject: wildcardmatch: fix heap buffer overflow in setcharset

The code would previously read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used.

Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html

--- tests/data/test1163 | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 tests/data/test1163 (limited to 'tests/data/test1163') diff --git a/tests/data/test1163 b/tests/data/test1163 new file mode 100644 index 000000000..a109b511b --- /dev/null +++ b/tests/data/test1163 @@ -0,0 +1,52 @@ + + + +FTP +RETR +LIST +wildcardmatch +ftplistparser +flaky + + + +# +# Server-side + + + + + +# Client-side + + +ftp + + +lib576 + + +FTP wildcard with pattern ending with an open-bracket + + +"ftp://%HOSTIP:%FTPPORT/fully_simulated/DOS/*[][" + + + + +USER anonymous +PASS ftp@example.com +PWD +CWD fully_simulated +CWD DOS +EPSV +TYPE A +LIST +QUIT + +# 78 == CURLE_REMOTE_FILE_NOT_FOUND + +78 + + + -- cgit v1.2.3
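
Review bot: The keywords list at the top of the new tests/data/test1163 includes flaky next to wildcardmatch and ftplistparser, so any test run that filters tests out by that keyword skips the regression test added here for CVE-2017-8817; drop the keyword, or state in the commit message what makes this test unstable. Separately, what the test verifies is the FTP command sequence (USER through QUIT) and exit code 78 (CURLE_REMOTE_FILE_NOT_FOUND) for the pattern "*[][". A read past the end of the pattern string does not have to change either of those, so the test catches a regression only when it runs under a memory checker such as valgrind or AddressSanitizer; a comment in the test file saying so would help whoever triages a future failure. This view is limited to tests/data/test1163, so the setcharset change named in the subject line is not visible here to review.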