1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 21:15:08 -05:00
curl/src/tool_setup.h
Daniel Stenberg b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00

75 lines
2.3 KiB
C

#ifndef HEADER_CURL_TOOL_SETUP_H
#define HEADER_CURL_TOOL_SETUP_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#define CURL_NO_OLDIES
/*
* curl_setup.h may define preprocessor macros such as _FILE_OFFSET_BITS and
* _LARGE_FILES in order to support files larger than 2 GB. On platforms
* where this happens it is mandatory that these macros are defined before
* any system header file is included, otherwise file handling function
* prototypes will be misdeclared and curl tool may not build properly;
* therefore we must include curl_setup.h before curl.h when building curl.
*/
#include "curl_setup.h" /* from the lib directory */
/*
* curl tool certainly uses libcurl's external interface.
*/
#include <curl/curl.h> /* external interface */
/*
* Platform specific stuff.
*/
#if defined(macintosh) && defined(__MRC__)
# define main(x,y) curl_main(x,y)
#endif
#ifdef TPF
# undef select
/* change which select is used for the curl command line tool */
# define select(a,b,c,d,e) tpf_select_bsd(a,b,c,d,e)
/* and turn off the progress meter */
# define CONF_DEFAULT (0|CONF_NOPROGRESS)
#endif
#ifndef OS
# define OS "unknown"
#endif
#ifndef UNPRINTABLE_CHAR
/* define what to use for unprintable characters */
# define UNPRINTABLE_CHAR '.'
#endif
#ifndef HAVE_STRDUP
# include "tool_strdup.h"
#endif
#endif /* HEADER_CURL_TOOL_SETUP_H */