Skip to content

Commit 39ce47f

Browse files
Harry Sintonenbagder
Harry Sintonen
authored andcommitted
telnet: check sscanf() for correct number of matches
CVE-2021-22898 Bug: https://curl.se/docs/CVE-2021-22898.html
1 parent bbb7150 commit 39ce47f

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: lib/telnet.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
922922
size_t tmplen = (strlen(v->data) + 1);
923923
/* Add the variable only if it fits */
924924
if(len + tmplen < (int)sizeof(temp)-6) {
925-
if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
925+
if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
926926
msnprintf((char *)&temp[len], sizeof(temp) - len,
927927
"%c%s%c%s", CURL_NEW_ENV_VAR, varname,
928928
CURL_NEW_ENV_VALUE, varval);

0 commit comments

Comments
 (0)