From 54c6f2c7c05d33859789bc3a1754805ee31c6edb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 26 Oct 2003 15:42:21 +0000 Subject: [PATCH] James Bursa found an ERRORBUFFFER overflow --- CHANGES | 7 +++++++ RELEASE-NOTES | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 690eedb7e..e9b6c64c6 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,13 @@ Changelog +Daniel (26 October) +- James Bursa found out that curl_msnprintf() could write the trailing + zero-byte outside its given buffer size. This could happen if you generated + a very long error message as then libcurl would overwrite the ERRORBUFFER + with one byte. Using a non-existing very long local file:// name is one case + that could make this occur. + Daniel (24 October) - David Hull filed bug report #829827. It identified a problem with -C - if the full file already was downloaded and thus the server responded with a diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 299f87b30..f5d1cd081 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -24,6 +24,7 @@ This release includes the following changes: This release includes the following bugfixes: + o a rare ERRORBUFFER single-byte overflow was fixed o HTTP-resuming an already downloaded file works better o builds better on Solaris 8+ with gcc o --disable-eprt works now @@ -81,6 +82,7 @@ advice from friends like these: Neil Spring, Siddhartha Prakash Jain, Jon Turner, Vincent Bronner, Shard, Jeremy Friesner, Florian Schoppmann, Neil Dunbar, Frank Ticheler, Lachlan O'Dea, Dirk Manske, Domenico Andreoli, Gisle Vanem, Kimmo Kinnunen, Andrew - Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull + Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull, + James Bursa Thanks! (and sorry if I forgot to mention someone)