moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-07 18:15:04 -05:00
Code Issues Releases Wiki Activity
14,734 Commits 10 Branches 144 Tags 113 MiB
C 66.7%
Python 12.4%
M4 6.9%
Perl 6.7%
DIGITAL Command Language 2.9%
Other 4.3%
75ca568fa1
Go to file
Daniel Stenberg 75ca568fa1 URL sanitize: reject URLs containing bad data 
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
CMake removed execute file permission 2011-12-30 03:53:25 +01:00
docs CURLOPT_ACCEPTTIMEOUT_MS: spellfix 2012-01-22 00:00:55 +01:00
include curl.h: provide backwards compatible symbols 2012-01-05 19:57:39 +01:00
lib URL sanitize: reject URLs containing bad data 2012-01-24 08:54:26 +01:00
m4 configure: libtool 1.5 tweaks 2011-12-15 18:01:00 +01:00
packages - Prepare the ILE/RPG binding and OS400 documentation for the upcoming release 2011-10-26 14:48:20 +02:00
perl removed trailing whitespace 2011-12-30 03:36:18 +01:00
src Remove bogus optimisation of telnet upload. 2012-01-18 22:17:46 +01:00
tests testtrace.c: fix compiler warning 2012-01-19 22:54:57 +01:00
winbuild - s, use, enable, for options name, avoiding conflicts with the names used in the makefile 2012-01-19 14:08:24 +01:00
.gitattributes Add .gitattributes files to turn off CRLF translation for some files 2010-03-24 23:48:35 -04:00
.gitignore gitignore: config.cache 2011-06-30 09:58:45 +02:00
acinclude.m4 configure - m4: make CURL_CHECK_DEF ignore leading whitespace on symbol def 2011-09-27 22:01:58 +02:00
Android.mk curl has been built on many Android versions 2011-11-16 17:11:31 -08:00
buildconf buildconf: minor tweaks commit 430527a1 follow-up 2011-12-23 17:45:42 +01:00
buildconf.bat keep a single copy of config-win32.h in version control repository. 2011-08-05 13:20:22 +02:00
CHANGES CHANGES: move all contents from CHANGES to CHANGES.0 2010-06-21 22:27:39 +02:00
CHANGES.0 removed trailing whitespace 2011-12-30 03:36:18 +01:00
CMakeLists.txt removed trailing whitespace 2011-12-30 03:36:18 +01:00
configure.ac configure: add symbols versioning option 2011-12-19 23:25:36 +01:00
COPYING COPYING: update the year to 2011 2011-01-29 23:41:15 +01:00
CTestConfig.cmake ENH: move dashboard location 2009-07-15 19:40:46 +00:00
curl-config.in curl-config: fix version output 2011-04-19 16:41:34 +02:00
curl-style.el remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
GIT-INFO s/CVS/git 2010-03-22 00:41:34 +01:00
install-sh removed trailing whitespace 2010-02-14 19:40:18 +00:00
libcurl.pc.in libcurl.pc: version number fix 2011-04-06 12:09:27 +02:00
log2changes.pl removed trailing whitespace 2011-12-30 03:36:18 +01:00
MacOSX-Framework MacOSX-Framework: updates for Snowleopard 2010-09-21 00:07:45 +02:00
Makefile.am configure: add symbols versioning option 2011-12-19 23:25:36 +01:00
Makefile.dist Changed some main makefile targets. 2011-09-25 17:43:50 +02:00
Makefile.msvc.names build: refactoring of msvc makefiles to allow overriding of library filenames. 2010-12-20 21:53:44 +01:00
maketgz curl tool: reviewed code moved to tool_*.[ch] files 2011-10-06 17:39:00 +02:00
missing renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:25:14 +00:00
mkinstalldirs remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
README various changes of CVS to git 2010-03-22 00:34:09 +01:00
RELEASE-NOTES RELEASE-NOTES: synced with 6e2fd2c9ea 2012-01-22 23:44:51 +01:00
sample.emacs remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
TODO-RELEASE TODO-RELEASE: postpone the remainders 2011-09-11 19:26:17 +02:00
vc6curl.dsw Renamed vc6 workspace and project files to avoid filename clash when used for conversion to later VS versions. 2009-05-08 17:51:44 +00:00

README 

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.