Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
curl.5841
curl-7.37.0-CVE-2017-1000100.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-7.37.0-CVE-2017-1000100.patch of Package curl.5841
From 241dc3b7cd36b329c6cebacc2193b82a130d8f1c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 31 Jul 2017 18:50:52 +0200 Subject: [PATCH] tftp: reject file name lengths that don't fit ... and thereby avoid telling send() to send off more bytes than the size of the buffer! Bug: Reported-by: Even Rouault --- lib/tftp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: curl-7.37.0/lib/tftp.c =================================================================== --- curl-7.37.0.orig/lib/tftp.c +++ curl-7.37.0/lib/tftp.c @@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_sta NULL); if(!filename) return CURLE_OUT_OF_MEMORY; + + if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { + failf(data, "TFTP file name too long\n"); + return CURLE_TFTP_ILLEGAL; /* too long file name field */ + } snprintf((char *)state->spacket.data+2, state->blksize,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor