wildcardmatch: fix heap buffer overflow in setcharset (0b664ba9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Unverified Commit 0b664ba9 authored Nov 10, 2017 by

Daniel Stenberg

wildcardmatch: fix heap buffer overflow in setcharset

The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html

parent 9b5e12a5

Hide whitespace changes

Inline Side-by-side

Please register or to comment