Skip to content

Commit 1b71bc5

Browse files
bagderbagder
committed
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host name. Reported-by: Fernando Muñoz CVE-2019-15601 Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
1 parent aeb32d0 commit 1b71bc5

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

lib/file.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
136136
struct Curl_easy *data = conn->data;
137137
char *real_path;
138138
struct FILEPROTO *file = data->req.protop;
139-
int fd;
139+
int fd = -1;
140140
#ifdef DOS_FILESYSTEM
141141
size_t i;
142142
char *actual_path;
@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
181181
return CURLE_URL_MALFORMAT;
182182
}
183183

184-
fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
184+
if(strncmp("\\\\", actual_path, 2))
185+
/* refuse to open path that starts with two backslashes */
186+
fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
185187
file->path = actual_path;
186188
#else
187189
if(memchr(real_path, 0, real_path_len)) {

0 commit comments

Comments
 (0)