mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
James Bursa found an ERRORBUFFFER overflow
This commit is contained in:
parent
4cccceb034
commit
54c6f2c7c0
7
CHANGES
7
CHANGES
@ -7,6 +7,13 @@
|
||||
Changelog
|
||||
|
||||
|
||||
Daniel (26 October)
|
||||
- James Bursa found out that curl_msnprintf() could write the trailing
|
||||
zero-byte outside its given buffer size. This could happen if you generated
|
||||
a very long error message as then libcurl would overwrite the ERRORBUFFER
|
||||
with one byte. Using a non-existing very long local file:// name is one case
|
||||
that could make this occur.
|
||||
|
||||
Daniel (24 October)
|
||||
- David Hull filed bug report #829827. It identified a problem with -C - if
|
||||
the full file already was downloaded and thus the server responded with a
|
||||
|
@ -24,6 +24,7 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o a rare ERRORBUFFER single-byte overflow was fixed
|
||||
o HTTP-resuming an already downloaded file works better
|
||||
o builds better on Solaris 8+ with gcc
|
||||
o --disable-eprt works now
|
||||
@ -81,6 +82,7 @@ advice from friends like these:
|
||||
Neil Spring, Siddhartha Prakash Jain, Jon Turner, Vincent Bronner, Shard,
|
||||
Jeremy Friesner, Florian Schoppmann, Neil Dunbar, Frank Ticheler, Lachlan
|
||||
O'Dea, Dirk Manske, Domenico Andreoli, Gisle Vanem, Kimmo Kinnunen, Andrew
|
||||
Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull
|
||||
Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull,
|
||||
James Bursa
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
Loading…
Reference in New Issue
Block a user