File curl-CVE-2023-27534-tilde-back.patch of Package curl.35245
Index: curl-7.37.0/lib/ssh.c
===================================================================
--- curl-7.37.0.orig/lib/ssh.c
+++ curl-7.37.0/lib/ssh.c
@@ -433,25 +433,28 @@ static CURLcode ssh_getworkingpath(struc
}
}
else if((data->easy_conn->handler->protocol & CURLPROTO_SFTP) &&
- (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
- size_t len;
- const char *p;
- int copyfrom = 3;
+ (!strcmp("/~", working_path) ||
+ ((working_path_len > 2) && !memcmp(working_path, "/~/", 3)))) {
if(Curl_dyn_add(&npath, homedir)) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
- /* Copy a separating '/' if homedir does not end with one */
- len = Curl_dyn_len(&npath);
- p = Curl_dyn_ptr(&npath);
- if(len && (p[len-1] != '/'))
- copyfrom = 2;
+ if(working_path_len > 2) {
+ size_t len;
+ const char *p;
+ int copyfrom = 3;
+ /* Copy a separating '/' if homedir does not end with one */
+ len = Curl_dyn_len(&npath);
+ p = Curl_dyn_ptr(&npath);
+ if(len && (p[len-1] != '/'))
+ copyfrom = 2;
- if(Curl_dyn_addn(&npath,
- &working_path[copyfrom],
- working_path_len - copyfrom)) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
+ if(Curl_dyn_addn(&npath,
+ &working_path[copyfrom],
+ working_path_len - copyfrom)) {
+ free(working_path);
+ return CURLE_OUT_OF_MEMORY;
+ }
}
}
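Review bot: The added exact-match test `!strcmp("/~", working_path)` stops at the first NUL, while the `/~/` test and the new inner guard rely on `working_path_len`, so the two can disagree if the decoded path may carry an embedded NUL (the decode call is outside this hunk, so this is unconfirmed). In that case a path that compares equal to "/~" would still enter the `if(working_path_len > 2)` block and append the bytes after the terminator to `npath`. A length-based test keeps both conditions consistent: `((working_path_len == 2) && !memcmp(working_path, "/~", 2)) ||`. A short comment above the condition, stating that only "/~" and a leading "/~/" expand to `homedir` and that every other `~` form is passed through literally, would record the invariant the CVE-2023-27534 fix depends on. ssh_getworkingpath begins and ends outside the hunk.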