Go to file
Even Rouault 16c71fafb9
tftp: fix memory leak on too long filename
Fixes

$ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz

==9752== Memcheck, a memory error detector
==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz
==9752==
curl: (71) TFTP file name too long

==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9752==    by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0)
==9752==    by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752==    by 0x402693: main (in /home/even/install-curl-git/bin/curl)

Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz

Closes #1808
2017-08-19 23:26:30 +02:00
.github ISSUE_TEMPLATE: Add a comment not to file security issues on github 2017-07-11 11:48:37 -04:00
CMake cmake: move cmake_uninstall.cmake to CMake/ 2017-08-10 15:05:49 +02:00
docs KNOWN_BUGS: HTTP test server 'connection-monitor' problems 2017-08-18 16:04:55 +02:00
include curl/system.h: check for __ppc__ as well 2017-08-18 15:32:21 +02:00
lib tftp: fix memory leak on too long filename 2017-08-19 23:26:30 +02:00
m4 m4/curl-compilers.m4: use proper quotes around string, not backticks 2017-08-16 00:05:11 +02:00
packages ssh: add the ability to enable compression (for SCP/SFTP) 2017-08-17 03:32:00 -04:00
projects build: check out *.sln files with Windows line endings 2017-08-10 09:11:46 +02:00
scripts scripts/contri*sh: use "git log --use-mailmap" 2017-08-18 22:41:48 +02:00
src metalink: adjust source code style 2017-08-18 08:46:52 +02:00
tests tftp: fix memory leak on too long filename 2017-08-19 23:26:30 +02:00
winbuild BUILD.WINDOWS: mention buildconf.bat for builds off git 2017-08-03 13:50:44 +02:00
.dir-locals.el Add .dir-locals and set c-basic-offset to 2. 2015-12-23 10:16:14 +01:00
.gitattributes .gitattributes: force shell scripts to LF 2017-04-17 08:32:13 +02:00
.gitignore gitignore: ignore .xz now instead of .lzma 2017-08-13 18:11:44 +02:00
.mailmap mailmap: de-duplify some git authors 2017-08-18 17:49:20 +02:00
.travis.yml travis: add metalink to some osx builds 2017-08-16 13:31:13 +02:00
acinclude.m4 CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG 2017-08-17 10:27:00 +02:00
appveyor.yml AppVeyor: now really use CURL_WERROR 2017-07-29 18:47:18 +02:00
buildconf includes: remove curl/curlbuild.h and curl/curlrules.h 2017-06-14 11:07:33 +02:00
buildconf.bat includes: remove curl/curlbuild.h and curl/curlrules.h 2017-06-14 11:07:33 +02:00
CHANGES CHANGES: spell fix, use correct path to script 2017-02-07 08:22:37 +01:00
CMakeLists.txt cmake: sizeof curl_off_t, remove unused detections 2017-08-17 10:26:59 +02:00
configure.ac CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG 2017-08-17 10:27:00 +02:00
COPYING COPYING: update the generic copyright year range 2017-01-07 20:25:43 +01:00
curl-config.in URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
GIT-INFO CHANGES.0: removed 2017-02-07 08:20:10 +01:00
libcurl.pc.in URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
MacOSX-Framework includes: remove curl/curlbuild.h and curl/curlrules.h 2017-06-14 11:07:33 +02:00
Makefile.am cmake: move cmake_uninstall.cmake to CMake/ 2017-08-10 15:05:49 +02:00
Makefile.dist VC: remove the makefile.vc6 build infra 2017-01-23 14:27:32 +01:00
maketgz maketgz: remove old *.dist files before making the tarball 2017-08-10 22:56:49 +02:00
README URLs: follow GitHub project rename (also Travis CI) 2016-02-04 23:01:38 +01:00
README.md README.md: show the coverall coverage on github 2017-06-06 14:40:57 +02:00
RELEASE-NOTES RELEASE-NOTES: synced with 8baead425 2017-08-18 23:30:40 +02:00

curl logo CII Best Practices Coverity passed Build Status Coverage Status

Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how!

You find answers to the most frequent questions we get in the FAQ document.

Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document.

Contact

If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.

All contributors to the project are listed in the THANKS document.

Website

Visit the curl web site for the latest news and downloads.

Git

To download the very latest source off the Git server do this:

git clone https://github.com/curl/curl.git

(you'll get a directory named curl created, filled with the source code)

Notice

Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.