cURL / Mailing Lists / curl-library / Single Mail


Re: Regression on FTP connections with --anyauth

From: Dan Fandrich <>
Date: Fri, 28 Mar 2014 22:55:23 +0100

On Tue, Feb 25, 2014 at 10:49:00PM +0100, Daniel Stenberg wrote:
> On Mon, 24 Feb 2014, Dan Fandrich wrote:
> >It's probably worthwhile updating the security advisory at
> > as it advocates applying
> >just commit 8ae35102 as a fix to the original security issue. By my
> >reckoning, the fix should be 8ae35102 followed by 378af08c followed
> >by d7650998. The 7.27.0 patch at
> > suffers from the same
> >problem.
> I agree completely, we really should. I'll try to create an amended
> version of the patches that take the subsequent fixes into account as
> well. When I get home again with some cycles to spare... Unless
> someone does it before me of course!

I've created a new patch that smooshes those three commits into one and
applies to 7.34.0. I've also attempted to back-port these to 7.28.1 and
came up with the second patch attached. A lot changed in this code between
those two versions so I'm not as confident in it, but the tests at least

>>> Dan

List admin:

Received on 2014-03-28