Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
curl.27109
curl-CVE-2021-22925.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2021-22925.patch of Package curl.27109
From cfc17716133ad1f8b99094c9a0ad15f1cfb63525 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Sat, 12 Jun 2021 18:25:15 +0200 Subject: [PATCH] telnet: fix option parser to not send uninitialized contents CVS-2021-22925 Reported-by: Red Hat Product Security Bug: https://curl.se/docs/CVE-2021-22925.html --- lib/telnet.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) Index: curl-7.66.0/lib/telnet.c =================================================================== --- curl-7.66.0.orig/lib/telnet.c +++ curl-7.66.0/lib/telnet.c @@ -967,12 +967,17 @@ static void suboption(struct connectdata size_t tmplen = (strlen(v->data) + 1); /* Add the variable only if it fits */ if(len + tmplen < (int)sizeof(temp)-6) { - if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) { - msnprintf((char *)&temp[len], sizeof(temp) - len, - "%c%s%c%s", CURL_NEW_ENV_VAR, varname, - CURL_NEW_ENV_VALUE, varval); - len += tmplen; - } + int rv; + char sep[2] = ""; + varval[0] = 0; + rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval); + if(rv == 1) + len += msnprintf((char *)&temp[len], sizeof(temp) - len, + "%c%s", CURL_NEW_ENV_VAR, varname); + else if(rv >= 2) + len += msnprintf((char *)&temp[len], sizeof(temp) - len, + "%c%s%c%s", CURL_NEW_ENV_VAR, varname, + CURL_NEW_ENV_VALUE, varval); } } msnprintf((char *)&temp[len], sizeof(temp) - len,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor