summaryrefslogtreecommitdiff
path: root/tests/data/test887
diff options
context:
space:
mode:
authorPatrick Monnerat <patrick@monnerat.net>2021-09-07 13:26:42 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-09-13 16:51:31 +0200
commit8ef147c43646e91fdaad5d0e7b60351f842e5c68 (patch)
tree61bc65da37b6c6e56a161c3ce841d15a4cc8b786 /tests/data/test887
parent364f174724ef115c63d5e5dc1d3342c8a43b1cca (diff)
downloadcurl-8ef147c43646e91fdaad5d0e7b60351f842e5c68.tar.gz
ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
If a server pipelines future responses within the STARTTLS response, the former are preserved in the pingpong cache across TLS negotiation and used as responses to the encrypted commands. This fix detects pipelined STARTTLS responses and rejects them with an error. CVE-2021-22947 Bug: https://curl.se/docs/CVE-2021-22947.html
Diffstat (limited to 'tests/data/test887')
0 files changed, 0 insertions, 0 deletions