summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJinWang An <jinwang.an@samsung.com>2021-02-19 09:26:19 +0900
committerJinWang An <jinwang.an@samsung.com>2021-02-19 09:26:19 +0900
commitee0bc809d81bfa283afa0a759a314d473a76d6b3 (patch)
tree577d1f4883f0940e858bdb70233731ced8c7a7f5
parent5b6729f7d5a7933ea9f86d11b3bbcd93b4f6d373 (diff)
downloadcmake-tizen_base.tar.gz
cmake-tizen_base.tar.bz2
cmake-tizen_base.zip
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Change-Id: I87a5d5ab358f3b42e9c85c4509f586e420ddfeba Signed-off-by: JinWang An <jinwang.an@samsung.com>
-rw-r--r--Utilities/cmcurl/lib/url.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/Utilities/cmcurl/lib/url.c b/Utilities/cmcurl/lib/url.c
index b39a3ee2..0b1a48ba 100644
--- a/Utilities/cmcurl/lib/url.c
+++ b/Utilities/cmcurl/lib/url.c
@@ -2872,12 +2872,14 @@ static CURLcode override_login(struct Curl_easy *data,
/* for updated strings, we update them in the URL */
if(user_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}
if(passwd_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}