From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Sat, 11 Mar 2017 10:59:34 +0100
Subject: [PATCH] CVE-2017-7407: fixed

Bug: https://curl.haxx.se/docs/adv_20170403.html

Reported-by: Brian Carpenter
[baruch: remove tests]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: based on upstream suggested patch[1] that combines commits
1890d59905414ab and 8e65877870c1.

[1] https://curl.haxx.se/CVE-2017-7407.patch

diff --git a/src/tool_writeout.c b/src/tool_writeout.c
index 2fb77742a..5d92bd278 100644
--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
@@ -3,11 +3,11 @@
  *  Project                     ___| | | |  _ \| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at https://curl.haxx.se/docs/copyright.html.
  *
@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
   char *stringp = NULL;
   long longinfo;
   double doubleinfo;
 
   while(ptr && *ptr) {
-    if('%' == *ptr) {
+    if('%' == *ptr && ptr[1]) {
       if('%' == ptr[1]) {
         /* an escaped %-letter */
         fputc('%', stream);
         ptr += 2;
       }
@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
           fputc(ptr[1], stream);
           ptr += 2;
         }
       }
     }
-    else if('\\' == *ptr) {
+    else if('\\' == *ptr && ptr[1]) {
       switch(ptr[1]) {
       case 'r':
         fputc('\r', stream);
         break;
       case 'n':
-- 2.11.0