1 files changed, 0 insertions, 38 deletions

diff --git a/ftp/curl/files/patch-CVE-2013-2174 b/ftp/curl/files/patch-CVE-2013-2174
deleted file mode 100644
index e0386e951b79..000000000000
--- a/ftp/curl/files/patch-CVE-2013-2174
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6032f0ff672f09babf69d9d42bcde6eb9eeb5bea Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Sun, 19 May 2013 23:24:29 +0200
-Subject: [PATCH] Curl_urldecode: no peeking beyond end of input buffer
-
-Security problem: CVE-2013-2174
-
-If a program would give a string like "%" to curl_easy_unescape(), it
-would still consider the % as start of an encoded character. The
-function then not only read beyond the buffer but it would also deduct
-the *unsigned* counter variable for how many more bytes there's left to
-read in the buffer by two, making the counter wrap. Continuing this, the
-function would go on reading beyond the buffer and soon writing beyond
-the allocated target buffer...
-
-Bug: http://curl.haxx.se/docs/adv_20130622.html
-Reported-by: Timo Sirainen
----
- lib/escape.c |    5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git lib/escape.c lib/escape.c
-index 6a26cf8..aa7db2c 100644
---- lib/escape.c
-+++ lib/escape.c
-@@ -159,7 +159,8 @@ CURLcode Curl_urldecode(struct SessionHandle *data,
- 
-   while(--alloc > 0) {
-     in = *string;
--    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
-+    if(('%' == in) && (alloc > 2) &&
-+       ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
-       /* this is two hexadecimal digits following a '%' */
-       char hexstr[3];
-       char *ptr;
--- 
-1.7.10.4
-