moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

An anonymous submitter filed bug #1299181 

(http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem
with Content-Range: headers with the 'bytes' keyword written in a different
case than all lowercase! It would cause a segfault!
This commit is contained in:
Daniel Stenberg 2005-09-27 09:13:39 +00:00
parent a2902de67c
commit b4c53e2cfd
3 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -8,6 +8,11 @@
Daniel (27 September 2005) Daniel (27 September 2005)
- An anonymous submitter filed bug #1299181
(http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly
problem with Content-Range: headers with the 'bytes' keyword written in a
different case than all lowercase! It would cause a segfault!
- TJ Saunders of the proftpd project identified and pointed out problems with - TJ Saunders of the proftpd project identified and pointed out problems with
the modified FTPS negotiation change of August 19 2005. Thus, we revert the the modified FTPS negotiation change of August 19 2005. Thus, we revert the
change back to pre-7.14.1 status. change back to pre-7.14.1 status.

5
RELEASE-NOTES
View File

@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o HTTP Content-Range header parser crash
o FTPS negotiation timeouts/errors o FTPS negotiation timeouts/errors
o SSPI works even for Windows 9x o SSPI works even for Windows 9x
o crash in --dump-header on FTP o crash in --dump-header on FTP
@ -23,6 +24,10 @@ This release includes the following bugfixes:
Other curl-related news since the previous public release: Other curl-related news since the previous public release:
o All curl relatd mailing list information and subscribers on cool.haxx.se
were lost due to a malicious user exploiting a security hole on the
server. Attempts have been made to put back susbcribers on the lists, but
many have been lost.
o New S-Lang binding: http://curl.haxx.se/libcurl/slang/ o New S-Lang binding: http://curl.haxx.se/libcurl/slang/
o TclCurl 0.14.1: http://personal1.iddeo.es/andresgarci/tclcurl/english/ o TclCurl 0.14.1: http://personal1.iddeo.es/andresgarci/tclcurl/english/
o pycurl 7.14.1: http://pycurl.sf.net/ o pycurl 7.14.1: http://pycurl.sf.net/

8
lib/transfer.c
View File

@ -880,11 +880,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* Content-Range: bytes [num]- /* Content-Range: bytes [num]-
Content-Range: bytes: [num]- Content-Range: bytes: [num]-
The second format was added August 1st 2000 by Igor The second format was added since Sun's webserver
Khristophorov since Sun's webserver JavaWebServer/1.1.1 JavaWebServer/1.1.1 obviously sends the header this way!
obviously sends the header this way! :-( */ */
char *ptr = strstr(k->p, "bytes"); char *ptr = Curl_strcasestr(k->p, "bytes");
ptr+=5; ptr+=5;
if(*ptr == ':') if(*ptr == ':')