diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2023-03-06 12:07:33 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2023-03-10 17:43:18 +0100 |
| commit | 538b1e79a6e7b0bb829ab4cecc828d32105d0684 (patch) | |
| tree | 19da7a887f7e89645c8e3f4cbeb720bec2088c2a | |
| parent | 674a0662cf937f2e3407e3d4237a41aa23ad5778 (diff) | |
| download | curl-538b1e79a6e7b0bb829ab4cecc828d32105d0684.tar.gz | |
telnet: only accept option arguments in ascii
To avoid embedded telnet negotiation commands etc.
Reported-by: Harry Sintonen
Closes #10728
| -rw-r--r-- | lib/telnet.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/telnet.c b/lib/telnet.c index dc39de481..e4ffd853a 100644 --- a/lib/telnet.c +++ b/lib/telnet.c @@ -770,6 +770,17 @@ static void printsub(struct Curl_easy *data, } } +static bool str_is_nonascii(const char *str) +{ + size_t len = strlen(str); + while(len--) { + if(*str & 0x80) + return TRUE; + str++; + } + return FALSE; +} + static CURLcode check_telnet_options(struct Curl_easy *data) { struct curl_slist *head; @@ -781,6 +792,8 @@ static CURLcode check_telnet_options(struct Curl_easy *data) was given on the command line */ if(data->state.aptr.user) { char buffer[256]; + if(str_is_nonascii(data->conn->user)) + return CURLE_BAD_FUNCTION_ARGUMENT; msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user); beg = curl_slist_append(tn->telnet_vars, buffer); if(!beg) { @@ -800,6 +813,8 @@ static CURLcode check_telnet_options(struct Curl_easy *data) if(sep) { olen = sep - option; arg = ++sep; + if(str_is_nonascii(arg)) + continue; switch(olen) { case 5: /* Terminal type */ |