Hello! As stated on the website, the root cause of CVE-2022-35260[1] is that 
fgets lacks the check for '\n', so curl can read past the end of the stack-based 
buffer. On this basis, I think the root cause is line 85 of the patch, but 
the website shows me that eeaae10c0fb27aa06[2] is the vulnerability-introducing 
commit. I want to know where my understanding went wrong.

Thanks very much!

[1] https://curl.se/docs/CVE-2022-35260.html

[2] https://github.com/curl/curl/commit/eeaae10c0fb27aa06