telnet: check sscanf() for correct number of matches

CVE-2021-22898 Bug: https://curl.se/docs/CVE-2021-22898.html
author: Harry Sintonen <sintonen@iki.fi> 2021-05-07 13:09:57 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2021-05-24 07:56:05 +0200
commit: 39ce47f219b09c380b81f89fe54ac586c8db6bde (patch)
tree: 3fd719e6357a828802a2c4abdafe835d0bd178d5 /lib/telnet.c
parent: bbb71507b7bab52002f9b1e0880bed6a32834511 (diff)
download: curl-39ce47f219b09c380b81f89fe54ac586c8db6bde.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/telnet.c b/lib/telnet.c
index 26e0658ba..fdd137fb0 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
         size_t tmplen = (strlen(v->data) + 1);
         /* Add the variable only if it fits */
         if(len + tmplen < (int)sizeof(temp)-6) {
-          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
             msnprintf((char *)&temp[len], sizeof(temp) - len,
                       "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
                       CURL_NEW_ENV_VALUE, varval);
author	Harry Sintonen <sintonen@iki.fi>	2021-05-07 13:09:57 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2021-05-24 07:56:05 +0200
commit	39ce47f219b09c380b81f89fe54ac586c8db6bde (patch)
tree	3fd719e6357a828802a2c4abdafe835d0bd178d5 /lib/telnet.c
parent	bbb71507b7bab52002f9b1e0880bed6a32834511 (diff)
download	curl-39ce47f219b09c380b81f89fe54ac586c8db6bde.tar.gz