authorJinWang An <jinwang.an@samsung.com>2021-02-19 09:26:19 +0900
committerJinWang An <jinwang.an@samsung.com>2021-02-19 09:26:19 +0900
commitee0bc809d81bfa283afa0a759a314d473a76d6b3 (patch)
tree577d1f4883f0940e858bdb70233731ced8c7a7f5
parent5b6729f7d5a7933ea9f86d11b3bbcd93b4f6d373 (diff)
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Change-Id: I87a5d5ab358f3b42e9c85c4509f586e420ddfeba Signed-off-by: JinWang An <jinwang.an@samsung.com>
-rw-r--r--Utilities/cmcurl/lib/url.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c
index b39a3ee22..0b1a48ba7 100644
--- a/Utilities/cmcurl/lib/url.c
+++ b/Utilities/cmcurl/lib/url.c
@@ -2872,12 +2872,14 @@ static CURLcode override_login(struct Curl_easy *data,
/* for updated strings, we update them in the URL */
if(user_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}
if(passwd_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}
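Review bot: Nothing at the two `curl_url_set()` call sites records why `CURLU_URLENCODE` is required, so a later resync or cleanup of this vendored file could drop the flag without anyone noticing the security regression. The existing comment above `if(user_changed)` only says the strings are updated in the URL. I would extend it to something like `/* *userp and *passwdp are raw option values, not URL-encoded; CURLU_URLENCODE keeps reserved characters such as '@' in a credential from being read back as URL delimiters */`. That the values arrive unencoded is inferred from the commit description and the flag itself, since the code that fills `*userp` and `*passwdp` lies outside the hunk, as does the start of `override_login`. A regression test that sets a password containing a reserved character and checks the resulting host would also pin the behaviour, though none is visible in this commit.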