-
- Downloads
curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis
Showing
- lib/formdata.c 9 additions, 43 deletionslib/formdata.c
- lib/strdup.c 27 additions, 5 deletionslib/strdup.c
- lib/strdup.h 2 additions, 1 deletionlib/strdup.h
- lib/url.c 17 additions, 5 deletionslib/url.c
- lib/urldata.h 9 additions, 2 deletionslib/urldata.h
- src/Makefile.inc 2 additions, 2 deletionssrc/Makefile.inc
- src/tool_setup.h 2 additions, 3 deletionssrc/tool_setup.h
- src/tool_strdup.c 47 additions, 0 deletionssrc/tool_strdup.c
- src/tool_strdup.h 30 additions, 0 deletionssrc/tool_strdup.h
Loading
Please register or sign in to comment