moparisthebest/curl - curl - code.moparisthebest.com

mirror of https://github.com/moparisthebest/curl synced 2025-02-28 09:21:50 -05:00

Go to file

Daniel Stenberg 75ca568fa1 URL sanitize: reject URLs containing bad data

Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich

2012-01-24 08:54:26 +01:00

CMake

removed execute file permission

2011-12-30 03:53:25 +01:00

docs

CURLOPT_ACCEPTTIMEOUT_MS: spellfix

2012-01-22 00:00:55 +01:00

include

curl.h: provide backwards compatible symbols

2012-01-05 19:57:39 +01:00

lib

URL sanitize: reject URLs containing bad data

2012-01-24 08:54:26 +01:00

configure: libtool 1.5 tweaks

2011-12-15 18:01:00 +01:00

packages

- Prepare the ILE/RPG binding and OS400 documentation for the upcoming release

2011-10-26 14:48:20 +02:00

perl

removed trailing whitespace

2011-12-30 03:36:18 +01:00

src

Remove bogus optimisation of telnet upload.

2012-01-18 22:17:46 +01:00

tests

testtrace.c: fix compiler warning

2012-01-19 22:54:57 +01:00

winbuild

- s, use, enable, for options name, avoiding conflicts with the names used in the makefile

2012-01-19 14:08:24 +01:00

.gitattributes

Add .gitattributes files to turn off CRLF translation for some files

2010-03-24 23:48:35 -04:00

.gitignore

gitignore: config.cache

2011-06-30 09:58:45 +02:00

acinclude.m4

configure - m4: make CURL_CHECK_DEF ignore leading whitespace on symbol def

2011-09-27 22:01:58 +02:00

Android.mk

curl has been built on many Android versions

2011-11-16 17:11:31 -08:00

buildconf

buildconf: minor tweaks commit 430527a1 follow-up

2011-12-23 17:45:42 +01:00

buildconf.bat

keep a single copy of config-win32.h in version control repository.

2011-08-05 13:20:22 +02:00

CHANGES

CHANGES: move all contents from CHANGES to CHANGES.0

2010-06-21 22:27:39 +02:00

CHANGES.0

removed trailing whitespace

2011-12-30 03:36:18 +01:00

CMakeLists.txt

removed trailing whitespace

2011-12-30 03:36:18 +01:00

configure.ac

configure: add symbols versioning option

2011-12-19 23:25:36 +01:00

COPYING

COPYING: update the year to 2011

2011-01-29 23:41:15 +01:00

CTestConfig.cmake

ENH: move dashboard location

2009-07-15 19:40:46 +00:00

curl-config.in

curl-config: fix version output

2011-04-19 16:41:34 +02:00

curl-style.el

remove the CVSish $Id$ lines

2010-03-24 11:02:54 +01:00

GIT-INFO

s/CVS/git

2010-03-22 00:41:34 +01:00

install-sh

removed trailing whitespace

2010-02-14 19:40:18 +00:00

libcurl.pc.in

libcurl.pc: version number fix

2011-04-06 12:09:27 +02:00

log2changes.pl

removed trailing whitespace

2011-12-30 03:36:18 +01:00

MacOSX-Framework

MacOSX-Framework: updates for Snowleopard

2010-09-21 00:07:45 +02:00

Makefile.am

configure: add symbols versioning option

2011-12-19 23:25:36 +01:00

Makefile.dist

Changed some main makefile targets.

2011-09-25 17:43:50 +02:00

Makefile.msvc.names

build: refactoring of msvc makefiles to allow overriding of library filenames.

2010-12-20 21:53:44 +01:00

maketgz

curl tool: reviewed code moved to tool_*.[ch] files

2011-10-06 17:39:00 +02:00

missing

renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h.

2009-07-14 13:25:14 +00:00

mkinstalldirs

remove the CVSish $Id$ lines

2010-03-24 11:02:54 +01:00

README

various changes of CVS to git

2010-03-22 00:34:09 +01:00

RELEASE-NOTES

RELEASE-NOTES: synced with 6e2fd2c9ea

2012-01-22 23:44:51 +01:00

sample.emacs

remove the CVSish $Id$ lines

2010-03-24 11:02:54 +01:00

TODO-RELEASE

TODO-RELEASE: postpone the remainders

2011-09-11 19:26:17 +02:00

vc6curl.dsw

Renamed vc6 workspace and project files to avoid filename clash when used for conversion to later VS versions.

2009-05-08 17:51:44 +00:00

README

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.

Languages

C 66.7%

Python 12.4%

M4 6.9%

Perl 6.7%

DIGITAL Command Language 2.9%

Other 4.3%