File curl-CVE-2023-27534-tilde-back.patch of Package curl.35243

Index: curl-7.66.0/lib/curl_path.c
===================================================================
--- curl-7.66.0.orig/lib/curl_path.c
+++ curl-7.66.0/lib/curl_path.c
@@ -62,25 +62,27 @@ CURLcode Curl_getworkingpath(struct conn
     }
   }
   else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
-	  (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
-    size_t len;
-    const char *p;
-    int copyfrom = 3;
+          (!strcmp("/~", working_path) ||
+           ((working_path_len > 2) && !memcmp(working_path, "/~/", 3)))) {
     if(Curl_dyn_add(&npath, homedir)) {
       free(working_path);
       return CURLE_OUT_OF_MEMORY;
     }
-    /* Copy a separating '/' if homedir does not end with one */
-    len = Curl_dyn_len(&npath);
-    p = Curl_dyn_ptr(&npath);
-    if(len && (p[len-1] != '/'))
-      copyfrom = 2;
+    if(working_path_len > 2) {
+      size_t len;
+      const char *p;
+      int copyfrom = 3;
+      /* Copy a separating '/' if homedir does not end with one */
+      len = Curl_dyn_len(&npath);
+      p = Curl_dyn_ptr(&npath);
+      if(len && (p[len-1] != '/'))
+        copyfrom = 2;
 
-    if(Curl_dyn_addn(&npath,
-                    &working_path[copyfrom],
-                    working_path_len - copyfrom)) {
-      free(working_path);
-      return CURLE_OUT_OF_MEMORY;
+      if(Curl_dyn_addn(&npath,
+                       &working_path[copyfrom], working_path_len - copyfrom)) {
+        free(working_path);
+        return CURLE_OUT_OF_MEMORY;
+      }
     }
   }