Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:yukoff:openSUSE:Leap:42.1:Backports
curl.6669
curl-7.37-CVE-2017-7407.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-7.37-CVE-2017-7407.patch of Package curl.6669
From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001 From: Dan Fandrich <dan@coneharvesters.com> Date: Sat, 11 Mar 2017 10:59:34 +0100 Subject: [PATCH] CVE-2017-7407: fixed Bug: https://curl.haxx.se/docs/adv_20170403.html Reported-by: Brian Carpenter --- src/tool_writeout.c | 6 +++--- tests/data/Makefile.inc | 2 +- tests/data/test1440 | 31 +++++++++++++++++++++++++++++++ tests/data/test1441 | 31 +++++++++++++++++++++++++++++++ tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++ 5 files changed, 101 insertions(+), 4 deletions(-) create mode 100644 tests/data/test1440 create mode 100644 tests/data/test1441 create mode 100644 tests/data/test1442 Index: curl-7.37.0/src/tool_writeout.c =================================================================== --- curl-7.37.0.orig/src/tool_writeout.c +++ curl-7.37.0/src/tool_writeout.c @@ -108,7 +108,7 @@ void ourWriteOut(CURL *curl, struct OutS double doubleinfo; while(ptr && *ptr) { - if('%' == *ptr) { + if('%' == *ptr && ptr[1]) { if('%' == ptr[1]) { /* an escaped %-letter */ fputc('%', stream); @@ -299,7 +299,7 @@ void ourWriteOut(CURL *curl, struct OutS } } } - else if('\\' == *ptr) { + else if('\\' == *ptr && ptr[1]) { switch(ptr[1]) { case 'r': fputc('\r', stream); Index: curl-7.37.0/tests/data/test1440 =================================================================== --- /dev/null +++ curl-7.37.0/tests/data/test1440 @@ -0,0 +1,31 @@ +<testcase> +<info> +<keywords> +--write-out +</keywords> +</info> +# Server-side +<reply> +</reply> + +# Client-side +<client> +<server> +file +</server> + +<name> +Check --write-out with trailing %{ +</name> +<command> +file://localhost/%PWD/log/ --write-out '%{' +</command> +</client> + +# Verify data +<verify> +<stdout nonewline="yes"> +%{ +</stdout> +</verify> +</testcase> Index: curl-7.37.0/tests/data/test1441 =================================================================== --- /dev/null +++ curl-7.37.0/tests/data/test1441 @@ -0,0 +1,31 @@ +<testcase> +<info> +<keywords> +--write-out +</keywords> +</info> +# Server-side +<reply> +</reply> + +# Client-side +<client> +<server> +file +</server> + +<name> +Check --write-out with trailing % +</name> +<command> +file://localhost/%PWD/log/ --write-out '%' +</command> +</client> + +# Verify data +<verify> +<stdout nonewline="yes"> +% +</stdout> +</verify> +</testcase> Index: curl-7.37.0/tests/data/test1442 =================================================================== --- /dev/null +++ curl-7.37.0/tests/data/test1442 @@ -0,0 +1,35 @@ +<testcase> +<info> +<keywords> +--write-out +FILE +</keywords> +</info> +# Server-side +<reply> +</reply> + +# Client-side +<client> +<server> +file +</server> + +<name> +Check --write-out with trailing \ +</name> +<command> +file://localhost/%PWD/log/non-existent-file.txt --write-out '\' +</command> +</client> + +# Verify data +<verify> +<errorcode> +37 +</errorcode> +<stdout nonewline="yes"> +\ +</stdout> +</verify> +</testcase> Index: curl-7.37.0/tests/data/Makefile.am =================================================================== --- curl-7.37.0.orig/tests/data/Makefile.am +++ curl-7.37.0/tests/data/Makefile.am @@ -125,6 +125,7 @@ test1408 test1409 test1410 test1411 test test1416 test1417 test1418 test1419 \ \ test1428 \ +test1440 test1441 test1442 \ \ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ Index: curl-7.37.0/tests/data/Makefile.in =================================================================== --- curl-7.37.0.orig/tests/data/Makefile.in +++ curl-7.37.0/tests/data/Makefile.in @@ -433,6 +433,7 @@ test1408 test1409 test1410 test1411 test test1416 test1417 test1418 test1419 \ \ test1428 \ +test1440 test1441 test1442 \ \ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor