Diffstat (limited to 'www/curl/patches/patch-CVE-2013-2174')
-rw-r--r--www/curl/patches/patch-CVE-2013-217416
1 files changed, 16 insertions, 0 deletions
diff --git a/www/curl/patches/patch-CVE-2013-2174 b/www/curl/patches/patch-CVE-2013-2174
new file mode 100644
index 00000000000..8a5ea0f664b
--- /dev/null
+++ b/www/curl/patches/patch-CVE-2013-2174
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2013-2174,v 1.1 2013/06/29 12:08:50 drochner Exp $
+
+see http://curl.haxx.se/docs/adv_20130622.html
+
+--- lib/escape.c.orig 2013-01-16 22:05:56.000000000 +0000
++++ lib/escape.c
+@@ -159,7 +159,8 @@ CURLcode Curl_urldecode(struct SessionHa
+
+ while(--alloc > 0) {
+ in = *string;
+- if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
++ if(('%' == in) && (alloc > 2) &&
++ ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
+ /* this is two hexadecimal digits following a '%' */
+ char hexstr[3];
+ char *ptr;
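Review bot: The added `(alloc > 2)` term in the `if` inside Curl_urldecode's decode loop has no comment, and the existing comment under it still describes only the hex-digit case; something like `/* need '%' plus two more bytes inside the given length before looking at string[1] and string[2] */` would make it less likely that the bound is dropped in a later cleanup. The guard is only sufficient if `alloc` counts the input bytes still remaining, including the current one. That appears to follow from `while(--alloc > 0)`, but it depends on how `alloc` is initialised outside this hunk, so it should be confirmed against the full function. The patch file's header gives only the advisory URL; a one-line summary of the defect (presumably a read past the caller-supplied length when the input ends in `%`) would let packagers audit the patch without network access. The body of the `if` continues past the end of the hunk.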