1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
$NetBSD: patch-be,v 1.1 2012/01/26 11:25:55 drochner Exp $
CVE-2012-0036
--- lib/smtp.c.orig 2011-11-04 22:32:57.000000000 +0000
+++ lib/smtp.c
@@ -1243,7 +1243,6 @@ static CURLcode smtp_connect(struct conn
struct SessionHandle *data = conn->data;
struct pingpong *pp = &smtpc->pp;
const char *path = conn->data->state.path;
- int len;
char localhost[HOSTNAME_MAX + 1];
*done = FALSE; /* default to not done yet */
@@ -1315,9 +1314,9 @@ static CURLcode smtp_connect(struct conn
}
/* url decode the path and use it as domain with EHLO */
- smtpc->domain = curl_easy_unescape(conn->data, path, 0, &len);
- if(!smtpc->domain)
- return CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
+ if(result)
+ return result;
/* When we connect, we start in the state where we await the server greeting
*/
|