File curl-CVE-2023-27533.patch of Package curl.28980

Overview Repositories Revisions Requests Users Attributes Meta

File curl-CVE-2023-27533.patch of Package curl.28980

From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Mar 2023 12:07:33 +0100
Subject: [PATCH] telnet: only accept option arguments in ascii

To avoid embedded telnet negotiation commands etc.

Reported-by: Harry Sintonen
Closes #10728
---
 lib/telnet.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Index: curl-7.66.0/lib/telnet.c
===================================================================
--- curl-7.66.0.orig/lib/telnet.c
+++ curl-7.66.0/lib/telnet.c
@@ -815,6 +815,17 @@ static void printsub(struct Curl_easy *d
   }
 }
 
+static bool str_is_nonascii(const char *str)
+{
+  size_t len = strlen(str);
+  while(len--) {
+    if(*str & 0x80)
+      return TRUE;
+    str++;
+  }
+  return FALSE;
+}
+
 static CURLcode check_telnet_options(struct connectdata *conn)
 {
   struct curl_slist *head;
@@ -827,6 +838,8 @@ static CURLcode check_telnet_options(str
      was given on the command line */
   if(conn->bits.user_passwd) {
     char buffer[256];
+    if(str_is_nonascii(data->conn->user))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user);
     beg = curl_slist_append(tn->telnet_vars, buffer);
     if(!beg) {
@@ -848,6 +861,8 @@ static CURLcode check_telnet_options(str
     if(sep) {
       olen = sep - option;
       arg = ++sep;
+      if(str_is_nonascii(arg))
+        continue;
       switch(olen) {
       case 5:
         /* Terminal type */

Places

File curl-CVE-2023-27533.patch of Package curl.28980

Places