diff options
| author | Brad King <brad.king@kitware.com> | 2023-10-12 19:41:37 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2023-10-12 19:54:53 (GMT) |
| commit | 701f52670f55830fbf0e592ffe5600a69889be8b (patch) | |
| tree | ccc6528bbd2ca91827ca1c305f8fdf285ea5e846 /Utilities | |
| parent | eace51a20cc9597878e92d96da97492af99d95c1 (diff) | |
| download | CMake-701f52670f55830fbf0e592ffe5600a69889be8b.zip CMake-701f52670f55830fbf0e592ffe5600a69889be8b.tar.gz CMake-701f52670f55830fbf0e592ffe5600a69889be8b.tar.bz2 | |
curl: Backport SOCKS5 heap buffer overflow fix from curl 8.4.0
Backport upstream curl commit `fb4415d8ae` (socks: return error if
hostname too long for remote resolve, 2023-10-11, curl-8_4_0~2) to
address CVE-2023-38545.
Issue: #25329
Diffstat (limited to 'Utilities')
| -rw-r--r-- | Utilities/cmcurl/lib/socks.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Utilities/cmcurl/lib/socks.c b/Utilities/cmcurl/lib/socks.c index d491e08..e7da5b4 100644 --- a/Utilities/cmcurl/lib/socks.c +++ b/Utilities/cmcurl/lib/socks.c @@ -539,9 +539,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ if(!socks5_resolve_local && hostname_len > 255) { - infof(data, "SOCKS5: server resolving disabled for hostnames of " - "length > 255 [actual len=%zu]", hostname_len); - socks5_resolve_local = TRUE; + failf(data, "SOCKS5: the destination hostname is too long to be " + "resolved remotely by the proxy."); + return CURLPX_LONG_HOSTNAME; } if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) @@ -882,7 +882,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, } else { socksreq[len++] = 3; - socksreq[len++] = (char) hostname_len; /* one byte address length */ + socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ len += hostname_len; } |