pingpong: reject nul byte in server response line

Add test 2108 covering the rejection over FTP. Drop the now-vestigial
nul bytes from test 1282; they exercised the removed Kerberos FTP
security buffer check and now trip this rejection before the 633
login-denied path is reached.

Closes #21996
alhudz 2026-06-13 13:34:51 +05:30 committed by Daniel Stenberg
parent a7e35c9194
commit 2f8fb98c5f
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
4 changed files with 50 additions and 1 deletions

@ -292,6 +292,13 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data,
the line is not really terminated until the LF comes */
size_t length = nl - line + 1;
if(memchr(line, 0, length)) {
/* The response line is passed on as a "header" below, so reject an
embedded nul the same way verify_header() does for HTTP. */
failf(data, "Nul byte in server response line");
return CURLE_WEIRD_SERVER_REPLY;
}
/* output debug output if that is requested */
Curl_debug(data, CURLINFO_HEADER_IN, line, length);
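Review bot: the new memchr(line, 0, length) check in Curl_pp_readresp() returns before the Curl_debug(data, CURLINFO_HEADER_IN, line, length) call, so a rejected line never reaches the debug callback and a trace shows only "Nul byte in server response line" with nothing about what the server actually sent. Curl_debug is given an explicit length here, so consider running the check after it, or extend the comment to say that keeping the line out of the debug output is intentional. The comment's reference to verify_header() would also be easier to follow if it named the later call that passes the line on as a header, since that call is outside this hunk.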