1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Go to file
Daniel Stenberg b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00
CMake cmake: fix struct sockaddr_storage check 2014-11-03 09:10:54 +01:00
docs INSTALL: Consistent spacing in section headings, paragraphs and examples 2014-11-04 14:07:55 +00:00
include CURL_VERSION_KERBEROS4: Mark as deprecated 2014-11-02 00:50:16 +00:00
lib curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds 2014-11-05 08:05:14 +01:00
m4 Enable poll on darwin13 2014-05-06 08:31:10 +02:00
packages OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope 2014-10-14 15:43:25 +02:00
perl removed trailing whitespace 2011-12-30 03:36:18 +01:00
projects README: Corrected inconsistent use of --help 2014-11-04 12:32:33 +00:00
src curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds 2014-11-05 08:05:14 +01:00
tests lib544.c: use duphandle for test 545 2014-11-05 08:05:14 +01:00
winbuild newlines: fix mixed newlines to LF-only 2014-09-12 10:22:34 +02:00
.gitattributes Tell git to not convert configure-related files. 2012-07-17 20:35:23 +02:00
.gitignore gitignore: ignore .dirstamp files 2013-12-18 14:35:56 +01:00
.travis.yml Adding a .travis.yml file to use the travis-ci.org 2013-10-21 23:15:16 +02:00
acinclude.m4 configure: allow --with-ca-path with PolarSSL too 2014-09-13 14:57:21 +02:00
buildconf buildconf: update copyright year 2014-11-04 19:53:44 +01:00
buildconf.bat curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
CHANGES CHANGES: move all contents from CHANGES to CHANGES.0 2010-06-21 22:27:39 +02:00
CHANGES.0 removed trailing whitespace 2011-12-30 03:36:18 +01:00
CMakeLists.txt cmake: fix ZLIB_INCLUDE_DIRS use 2014-11-04 11:51:53 +01:00
configure.ac configure.ac: remove checks for OpenSSL NPN/ALPN funcs again 2014-10-29 22:38:39 +01:00
contributors.sh contributors.sh: split list of names at comma 2014-09-12 15:12:06 +02:00
COPYING Bumped copyright year to 2014 2014-01-02 23:53:49 +00:00
CTestConfig.cmake ENH: move dashboard location 2009-07-15 19:40:46 +00:00
curl-config.in curl-config.in: replace tabs by spaces 2013-06-22 22:08:42 +02:00
GIT-INFO curl tool: renaming hugehelp files to tool_hugehelp 2012-12-26 23:30:54 +01:00
install-sh Remove all traces of FBOpenSSL SPNEGO support 2014-07-16 17:26:08 +02:00
libcurl.pc.in build: prevent global LIBS from influencing src and lib build targets 2012-12-03 22:41:18 +01:00
log2changes.pl log2changes.pl: fix the Version output 2012-06-07 23:50:00 +02:00
MacOSX-Framework OS X framework: fix invalid symbolic link 2013-05-09 21:51:35 +02:00
Makefile.am Makefile.am: two cmake files are gone 2014-11-04 08:58:01 +01:00
Makefile.dist Added VC ssh2 target to main Makefile. 2014-10-23 19:30:19 +02:00
maketgz newlines: fix mixed newlines to LF-only 2014-09-12 10:22:34 +02:00
missing renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:25:14 +00:00
mkinstalldirs Remove all traces of FBOpenSSL SPNEGO support 2014-07-16 17:26:08 +02:00
README various changes of CVS to git 2010-03-22 00:34:09 +01:00
RELEASE-NOTES RELEASE-NOTES: Synced with d71ea7c01e 2014-11-02 23:20:32 +00:00
TODO-RELEASE TODO-RELEASE: cleaned up, not really maintained lately 2013-04-08 08:32:10 +02:00

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.