moparisthebest/curl - curl - code.moparisthebest.com

moparisthebest/curl

Fork 0

mirror of https://github.com/moparisthebest/curl synced 2024-11-11 12:05:06 -05:00

Commit Graph

Author	SHA1	Message	Date
Daniel Stenberg	9395999543	checksrc: use space after comma	2015-03-17 13:57:37 +01:00
Daniel Stenberg	8a2dda312c	tool_strdup.c: include the tool strdup.h ... not the lib/ one that the tool no longer uses!	2014-11-05 23:33:22 +01:00
Daniel Stenberg	b387560692	curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis	2014-11-05 08:05:14 +01:00

Author

SHA1

Message

Date

Daniel Stenberg

9395999543

checksrc: use space after comma

2015-03-17 13:57:37 +01:00

Daniel Stenberg

8a2dda312c

tool_strdup.c: include the tool strdup.h

... not the lib/ one that the tool no longer uses!

2014-11-05 23:33:22 +01:00

Daniel Stenberg

b387560692

curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds

When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis

2014-11-05 08:05:14 +01:00

3 Commits