moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

header_callback: strip off file path separated with backslashes 

If the filename contains a backslash, only use filename portion. The
idea is that even systems that don't handle backslashes as path
separators probably want that path removed for convenience.

This flaw is considered a security problem, see the curl security
vulnerability http://curl.haxx.se/docs/adv_20101013.html
This commit is contained in:
Daniel Stenberg 2010-09-16 23:11:48 +02:00
parent b804906414
commit 81f151c912
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main.c
View File

@ -4368,6 +4368,18 @@ parse_filename(char *ptr, size_t len)
}
}
/* If the filename contains a backslash, only use filename portion. The idea
is that even systems that don't handle backslashes as path separators
probably want the path removed for convenience. */
q = strrchr(p, '\\');
if (q) {
p = q+1;
if (!*p) {
free(copy);
return NULL;
}
}
if(quote) {
/* if the file name started with a quote, then scan for the end quote and
stop there */