File curl-CVE-2023-27533.patch of Package curl.30929

Overview Repositories Revisions Requests Users Attributes Meta

File curl-CVE-2023-27533.patch of Package curl.30929

From 538b1e79a6e7b0bb829ab4cecc828d32105d0684 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Mar 2023 12:07:33 +0100
Subject: [PATCH] telnet: only accept option arguments in ascii

To avoid embedded telnet negotiation commands etc.

Reported-by: Harry Sintonen
Closes #10728
---
 lib/telnet.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Index: curl-7.60.0/lib/telnet.c
===================================================================
--- curl-7.60.0.orig/lib/telnet.c
+++ curl-7.60.0/lib/telnet.c
@@ -818,6 +818,17 @@ static void printsub(struct Curl_easy *d
   }
 }
 
+static bool str_is_nonascii(const char *str)
+{
+  size_t len = strlen(str);
+  while(len--) {
+    if(*str & 0x80)
+      return TRUE;
+    str++;
+  }
+  return FALSE;
+}
+
 static CURLcode check_telnet_options(struct connectdata *conn)
 {
   struct curl_slist *head;
@@ -830,6 +841,8 @@ static CURLcode check_telnet_options(str
      was given on the command line */
   if(conn->bits.user_passwd) {
     char buffer[256];
+    if(str_is_nonascii(data->easy_conn->user))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     snprintf(buffer, sizeof(buffer), "USER,%s", data->easy_conn->user);
     beg = curl_slist_append(tn->telnet_vars, buffer);
     if(!beg) {
@@ -849,6 +862,8 @@ static CURLcode check_telnet_options(str
     if(sep) {
       olen = sep - option;
       arg = ++sep;
+      if(str_is_nonascii(arg))
+        continue;
       switch(olen) {
       case 5:
         /* Terminal type */

Places

File curl-CVE-2023-27533.patch of Package curl.30929

Places