Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
curl
curl-CVE-2023-27534.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2023-27534.patch of Package curl
From 4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 9 Mar 2023 16:22:11 +0100 Subject: [PATCH] curl_path: create the new path with dynbuf Closes #10729 --- lib/curl_path.c | 75 +++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 40 deletions(-) Index: curl-7.37.0/lib/ssh.c =================================================================== --- curl-7.37.0.orig/lib/ssh.c +++ curl-7.37.0/lib/ssh.c @@ -87,6 +87,8 @@ #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> +#include "dynbuf.h" + #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" @@ -101,6 +103,10 @@ have their definition hidden well */ #endif +#ifndef MAX_SSHPATH_LEN +#define MAX_SSHPATH_LEN 100000 /* arbitrary */ +#endif + #define sftp_libssh2_last_error(s) curlx_ultosi(libssh2_sftp_last_error(s)) #define sftp_libssh2_realpath(s,p,t,m) \ @@ -405,61 +411,58 @@ static CURLcode ssh_getworkingpath(struc real path to work with */ { struct SessionHandle *data = conn->data; - char *real_path = NULL; char *working_path; int working_path_len; + struct dynbuf npath; working_path = curl_easy_unescape(data, data->state.path, 0, &working_path_len); if(!working_path) return CURLE_OUT_OF_MEMORY; + /* new path to switch to in case we need to */ + Curl_dyn_init(&npath, MAX_SSHPATH_LEN); + /* Check for /~/ , indicating relative to the user's home directory */ - if(conn->handler->protocol & CURLPROTO_SCP) { - real_path = malloc(working_path_len+1); - if(real_path == NULL) { + if((data->easy_conn->handler->protocol & CURLPROTO_SCP) && + (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) { + /* It is referenced to the home directory, so strip the leading '/~/' */ + if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) { free(working_path); return CURLE_OUT_OF_MEMORY; } - if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) - /* It is referenced to the home directory, so strip the leading '/~/' */ - memcpy(real_path, working_path+3, 4 + working_path_len-3); - else - memcpy(real_path, working_path, 1 + working_path_len); } - else if(conn->handler->protocol & CURLPROTO_SFTP) { - if((working_path_len > 1) && (working_path[1] == '~')) { - size_t homelen = strlen(homedir); - real_path = malloc(homelen + working_path_len + 1); - if(real_path == NULL) { - free(working_path); - return CURLE_OUT_OF_MEMORY; - } - /* It is referenced to the home directory, so strip the - leading '/' */ - memcpy(real_path, homedir, homelen); - real_path[homelen] = '/'; - real_path[homelen+1] = '\0'; - if(working_path_len > 3) { - memcpy(real_path+homelen+1, working_path + 3, - 1 + working_path_len -3); - } + else if((data->easy_conn->handler->protocol & CURLPROTO_SFTP) && + (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) { + size_t len; + const char *p; + int copyfrom = 3; + if(Curl_dyn_add(&npath, homedir)) { + free(working_path); + return CURLE_OUT_OF_MEMORY; } - else { - real_path = malloc(working_path_len+1); - if(real_path == NULL) { - free(working_path); - return CURLE_OUT_OF_MEMORY; - } - memcpy(real_path, working_path, 1+working_path_len); + /* Copy a separating '/' if homedir does not end with one */ + len = Curl_dyn_len(&npath); + p = Curl_dyn_ptr(&npath); + if(len && (p[len-1] != '/')) + copyfrom = 2; + + if(Curl_dyn_addn(&npath, + &working_path[copyfrom], + working_path_len - copyfrom)) { + free(working_path); + return CURLE_OUT_OF_MEMORY; } } - free(working_path); - - /* store the pointer for the caller to receive */ - *path = real_path; + if(Curl_dyn_len(&npath)) { + free(working_path); + /* store the pointer for the caller to receive */ + *path = Curl_dyn_ptr(&npath); + } + else + *path = working_path; return CURLE_OK; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor