Fix CVE-2021-22925

Merge: curl/curl@894f6ec730
Kawe Mazidjatari 2023-06-13 11:30:39 +02:00
parent 44650ac245
commit 9529519fa3


@ -968,12 +968,17 @@ static void suboption(struct connectdata *conn)
tmplen = (strlen(v->data) + 1);
/* Add the variable only if it fits */
if(len + tmplen < (int)sizeof(temp)-6) {
if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
CURL_NEW_ENV_VALUE, varval);
len += tmplen;
}
int rv;
char sep[2] = "";
varval[0] = 0;
rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
if(rv == 1)
len += snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s", CURL_NEW_ENV_VAR, varname);
else if(rv >= 2)
len += snprintf((char *)&temp[len], sizeof(temp) - len,
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
CURL_NEW_ENV_VALUE, varval);
}
}
snprintf((char *)&temp[len], sizeof(temp) - len,
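Review bot: Both `len += snprintf(...)` calls, in the `rv == 1` and `rv >= 2` branches, add the return value to `len` without checking it. C99 snprintf returns the length it would have written, or a negative value on error, so after a truncated or failed call `len` would no longer match the bytes actually stored in `temp`, and the following write at `&temp[len]` would use a wrong offset. The `len + tmplen` guard above makes truncation unlikely, but it bounds the input string rather than the formatted output, so I would keep the result in a local and advance only when it is positive and smaller than the remaining space. The declarations of `len` and `temp` and the rest of suboption() are outside the hunk, so their types are assumed here.

```c
/* … unchanged: varval reset and sscanf call … */
int n = 0;
if(rv == 1)
  n = snprintf((char *)&temp[len], sizeof(temp) - len,
               "%c%s", CURL_NEW_ENV_VAR, varname);
else if(rv >= 2)
  n = snprintf((char *)&temp[len], sizeof(temp) - len,
               "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
               CURL_NEW_ENV_VALUE, varval);
/* advance only by what was really written into temp */
if(n > 0 && (size_t)n < sizeof(temp) - len)
  len += n;
```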