[gnurl] 21/29: file: on Windows, refuse paths that start with \\
From: gnunet
Subject: [gnurl] 21/29: file: on Windows, refuse paths that start with \\
Date: Fri, 10 Jan 2020 23:05:59 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 1b71bc532bde8621fd3260843f8197182a467ff2
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Nov 7 10:13:01 2019 +0100
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.
Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
---
lib/file.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/file.c b/lib/file.c
index d349cd924..166931d7f 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool
*done)
struct Curl_easy *data = conn->data;
char *real_path;
struct FILEPROTO *file = data->req.protop;
- int fd;
+ int fd = -1;
#ifdef DOS_FILESYSTEM
size_t i;
char *actual_path;
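Review bot: The new `int fd = -1;` initializer is load-bearing for the conditional open in the DOS_FILESYSTEM branch, but nothing at the declaration says so. Once the open call can be skipped, this initializer is the only thing that keeps fd from being read uninitialized, and a later cleanup could drop it as redundant. Suggest a short comment on the declaration (for example "stays -1 when the path is refused"), or assign -1 explicitly next to the check so the dependency sits in one place.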
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool
*done)
return CURLE_URL_MALFORMAT;
}
- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ if(strncmp("\\\\", actual_path, 2))
+ /* refuse to open path that starts with two backslashes */
+ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
file->path = actual_path;
#else
if(memchr(real_path, 0, real_path_len)) {
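Review bot: The refusal at `if(strncmp("\\\\", actual_path, 2))` is implicit. When the path starts with two backslashes nothing is returned here, fd keeps the -1 from its declaration, and `file->path = actual_path;` still runs, so the rejection depends on code outside this hunk treating fd == -1 as a failure. The check just above returns CURLE_URL_MALFORMAT directly; an explicit error return in the refused case would match it and would not rely on the later fd test. Two smaller points: the comparison covers backslashes only, and the lines that build actual_path are not in the visible context, so please confirm forward slashes are already normalized before this line; and the comment sits between the unbraced `if` and the open call, where it reads as describing the open rather than the refusal. Braces plus `!= 0` on the strncmp result, with the comment moved above the `if`, would make the intent clearer.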