From b4c53e2cfd11fa9fec43d766fbec1a06931de11d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 27 Sep 2005 09:13:39 +0000 Subject: [PATCH] An anonymous submitter filed bug #1299181 (http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem with Content-Range: headers with the 'bytes' keyword written in a different case than all lowercase! It would cause a segfault! --- CHANGES | 5 +++++ RELEASE-NOTES | 5 +++++ lib/transfer.c | 8 ++++---- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index dcb8a46c4..56b53a71e 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,11 @@ Daniel (27 September 2005) +- An anonymous submitter filed bug #1299181 + (http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly + problem with Content-Range: headers with the 'bytes' keyword written in a + different case than all lowercase! It would cause a segfault! + - TJ Saunders of the proftpd project identified and pointed out problems with the modified FTPS negotiation change of August 19 2005. Thus, we revert the change back to pre-7.14.1 status. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0db7c9459..fc020b281 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o HTTP Content-Range header parser crash o FTPS negotiation timeouts/errors o SSPI works even for Windows 9x o crash in --dump-header on FTP 
@@ -23,6 +24,10 @@ This release includes the following bugfixes: Other curl-related news since the previous public release: + o All curl relatd mailing list information and subscribers on cool.haxx.se + were lost due to a malicious user exploiting a security hole on the + server. Attempts have been made to put back susbcribers on the lists, but + many have been lost. o New S-Lang binding: http://curl.haxx.se/libcurl/slang/ o TclCurl 0.14.1: http://personal1.iddeo.es/andresgarci/tclcurl/english/ o pycurl 7.14.1: http://pycurl.sf.net/ diff --git a/lib/transfer.c b/lib/transfer.c index 996d133c9..13f31e9bc 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -880,11 +880,11 @@ CURLcode Curl_readwrite(struct connectdata *conn, /* Content-Range: bytes [num]- Content-Range: bytes: [num]- - The second format was added August 1st 2000 by Igor - Khristophorov since Sun's webserver JavaWebServer/1.1.1 - obviously sends the header this way! :-( */ + The second format was added since Sun's webserver + JavaWebServer/1.1.1 obviously sends the header this way! + */ - char *ptr = strstr(k->p, "bytes"); + char *ptr = Curl_strcasestr(k->p, "bytes"); ptr+=5; if(*ptr == ':')
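Review bot: in the lib/transfer.c hunk, the result of `Curl_strcasestr(k->p, "bytes")` is still advanced with `ptr+=5` and then dereferenced in `if(*ptr == ':')` without a NULL check. Matching case-insensitively removes the mixed-case trigger described in bug #1299181, but this code is only safe as long as whatever guard leads into the branch (not visible in the hunk) agrees exactly with this search. An explicit `if(ptr)` test before `ptr+=5` would make the parser safe on its own. The diffstat lists only CHANGES, RELEASE-NOTES and lib/transfer.c, so a regression test that sends a Content-Range header with a mixed-case 'bytes' keyword would be worth adding alongside the fix.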
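Review bot: the entry added in the second RELEASE-NOTES hunk (`@@ -23,6 +24,10 @@`) has two typos, "relatd" for "related" and "susbcribers" for "subscribers". That entry reports the loss of mailing list data on cool.haxx.se, which is unrelated to the Content-Range parser fix named in the subject line; putting it in its own commit would keep the history of the crash fix easy to find and to backport.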