Commit 81f151c9 authored by Daniel Stenberg

header_callback: strip off file path separated with backslashes

If the filename contains a backslash, only use filename portion. The
idea is that even systems that don't handle backslashes as path
separators probably want that path removed for convenience.

This flaw is considered a security problem, see the curl security
vulnerability http://curl.haxx.se/docs/adv_20101013.html
parent b8049064
+12 −0
@@ -4368,6 +4368,18 @@ parse_filename(char *ptr, size_t len)
    }
  }

  /* If the filename contains a backslash, only use filename portion. The idea
     is that even systems that don't handle backslashes as path separators
     probably want the path removed for convenience. */
  q = strrchr(p, '\\');
  if (q) {
    p = q+1;
    if (!*p) {
      free(copy);
      return NULL;
    }
  }

  if(quote) {
    /* if the file name started with a quote, then scan for the end quote and
       stop there */
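Review bot: the `strrchr(p, '\\')` search runs before the `if(quote)` block that scans for the end quote, so it covers everything left in the buffer at `p`, not just the filename. A backslash that appears after the closing quote would move `p` past the end of the quoted name, and the end-quote scan would then start from the wrong position. Consider truncating at the end quote first and stripping the path portion afterwards, so the search is bounded to the name itself. Style: the added lines use `if (q)` and `if (!*p)` with a space, while the adjacent context uses `if(quote)`; match the surrounding spacing.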