| From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001 |
| From: Even Rouault <even.rouault@spatialys.com> |
| Date: Tue, 1 Aug 2017 17:17:06 +0200 |
| Subject: [PATCH] file: output the correct buffer to the user |
| |
| Regression brought by 7c312f84ea930d8 (April 2017) |
| |
| CVE: CVE-2017-1000099 |
| |
| Bug: https://curl.haxx.se/docs/adv_20170809C.html |
| |
| Credit to OSS-Fuzz for the discovery |
| |
| Upstream-Status: Backport |
| https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d |
| |
| Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> |
| --- |
| lib/file.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/lib/file.c b/lib/file.c |
| index bd426eac2..666cbe75b 100644 |
| --- a/lib/file.c |
| +++ b/lib/file.c |
| @@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done) |
| Curl_month[tm->tm_mon], |
| tm->tm_year + 1900, |
| tm->tm_hour, |
| tm->tm_min, |
| tm->tm_sec); |
| - result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0); |
| + result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0); |
| if(!result) |
| /* set the file size to make it available post transfer */ |
| Curl_pgrsSetDownloadSize(data, expected_size); |
| return result; |
| } |
| -- |
| 2.13.3 |
| |