projects / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c163286) | patch
[PATCH] socks: return error if hostname too long for remote resolve
authorJay Satiro <raysatiro@yahoo.com>
Sat, 30 Sep 2023 07:40:02 +0000 (03:40 -0400)
committerAquila Macedo Costa <aquilamacedo@riseup.net>
Tue, 17 Sep 2024 19:29:24 +0000 (16:29 -0300)
commitfb272a0a7910a7b7ab68ace32a22fcf02b1e039c
tree7c7b24343d02a38682e5199d3932a3d5ddc8e515tree | snapshot
parentc1632860062e672262c45972eaa20fa4f1fa6300commit | diff
[PATCH] socks: return error if hostname too long for remote resolve

Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer than 255
characters. Unfortunately that did not work as intended and caused a
security issue.

Name resolvers cannot resolve hostnames longer than 255 characters.

Bug: https://curl.se/docs/CVE-2023-38545.html

Backported by: Samuel Henrique <samueloph@debian.org>

Gbp-Pq: Name CVE-2023-38545.patch
lib/socks.c diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test728 [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.