Skip to content
  1. Jun 22, 2013
    • Daniel Stenberg's avatar
      Curl_urldecode: no peeking beyond end of input buffer · 192c4f78
      Daniel Stenberg authored
      Security problem: CVE-2013-2174
      
      If a program would give a string like "%FF" to curl_easy_unescape() but
      ask for it to decode only the first byte, it would still parse and
      decode the full hex sequence. The function then not only read beyond the
      allowed buffer but it would also deduct the *unsigned* counter variable
      for how many more bytes there's left to read in the buffer by two,
      making the counter wrap. Continuing this, the function would go on
      reading beyond the buffer and soon writing beyond the allocated target
      buffer...
      
      Bug: http://curl.haxx.se/docs/adv_20130622.html
      Reported-by: Timo Sirainen
      192c4f78
  2. Jun 20, 2013
  3. Jun 18, 2013
  4. Jun 17, 2013
  5. Jun 15, 2013
  6. Jun 14, 2013
  7. Jun 13, 2013
  8. Jun 12, 2013
  9. Jun 10, 2013
  10. Jun 07, 2013
  11. Jun 06, 2013
    • Daniel Stenberg's avatar
      lib1500: remove bad check · 87cf677e
      Daniel Stenberg authored
      After curl_multi_wait() returns, this test checked that we got exactly
      one file descriptor told to read from, but we cannot be sure that is
      true. curl_multi_wait() will sometimes return earlier without any file
      descriptor to handle, just just because it is a suitable time to call
      *perform().
      
      This problem showed up with commit 29bf0598.
      
      Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html
      Reported-by: Fabian Keil
      87cf677e
  12. Jun 04, 2013
  13. Jun 03, 2013
  14. Jun 02, 2013
  15. May 30, 2013
  16. May 28, 2013
  17. May 27, 2013
  18. May 22, 2013