Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
curl
curl-CVE-2023-27533.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2023-27533.patch of Package curl
From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Mon, 6 Mar 2023 12:07:33 +0100 Subject: [PATCH] telnet: only accept option arguments in ascii To avoid embedded telnet negotiation commands etc. Reported-by: Harry Sintonen Closes #10728 --- lib/telnet.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) Index: curl-7.60.0/lib/telnet.c =================================================================== --- curl-7.60.0.orig/lib/telnet.c +++ curl-7.60.0/lib/telnet.c @@ -818,6 +818,17 @@ static void printsub(struct Curl_easy *d } } +static bool str_is_nonascii(const char *str) +{ + size_t len = strlen(str); + while(len--) { + if(*str & 0x80) + return TRUE; + str++; + } + return FALSE; +} + static CURLcode check_telnet_options(struct connectdata *conn) { struct curl_slist *head; @@ -830,6 +841,8 @@ static CURLcode check_telnet_options(str was given on the command line */ if(conn->bits.user_passwd) { char buffer[256]; + if(str_is_nonascii(data->easy_conn->user)) + return CURLE_BAD_FUNCTION_ARGUMENT; snprintf(buffer, sizeof(buffer), "USER,%s", data->easy_conn->user); beg = curl_slist_append(tn->telnet_vars, buffer); if(!beg) { @@ -849,6 +862,8 @@ static CURLcode check_telnet_options(str if(sep) { olen = sep - option; arg = ++sep; + if(str_is_nonascii(arg)) + continue; switch(olen) { case 5: /* Terminal type */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor