Daniel Stenberg 192c4f788d Curl_urldecode: no peeking beyond end of input buffer
Security problem: CVE-2013-2174

If a program would give a string like "%FF" to curl_easy_unescape() but
ask for it to decode only the first byte, it would still parse and
decode the full hex sequence. The function then not only read beyond the
allowed buffer but it would also deduct the *unsigned* counter variable
for how many more bytes there's left to read in the buffer by two,
making the counter wrap. Continuing this, the function would go on
reading beyond the buffer and soon writing beyond the allocated target
buffer...

Bug: http://curl.haxx.se/docs/adv_20130622.html
Reported-by: Timo Sirainen
2013-06-22 11:21:35 +02:00
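
The length check that the commit message above describes, sketched as an added example. It is not curl's code and not part of the original page; bounded_unescape, hexval and remaining_after_unchecked_escape are hypothetical names and the input is constructed. A '%' is decoded only when both hex digits lie inside the caller's length limit, and the helper shows what subtracting two from an unsigned counter holding 1 produces.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unsigned "left -= 2" with 1 byte left wraps to SIZE_MAX. */
static size_t remaining_after_unchecked_escape(size_t left)
{
  return left - 2;
}

static int hexval(unsigned char c)
{
  return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Hypothetical bounded decoder (not curl's code): reads at most len bytes
   of in, returns a malloc'ed NUL-terminated buffer, length in *olen. */
static char *bounded_unescape(const char *in, size_t len, size_t *olen)
{
  char *out = malloc(len + 1); /* decoded output never exceeds len bytes */
  size_t i = 0, o = 0;
  if(!out)
    return NULL;
  while(i < len) {
    unsigned char c = (unsigned char)in[i];
    /* Decode only if both hex digits lie inside the permitted range */
    if(c == '%' && len - i > 2 &&
       isxdigit((unsigned char)in[i + 1]) &&
       isxdigit((unsigned char)in[i + 2])) {
      c = (unsigned char)((hexval((unsigned char)in[i + 1]) << 4) |
                          hexval((unsigned char)in[i + 2]));
      i += 2;
    }
    out[o++] = (char)c;
    i++;
  }
  out[o] = '\0';
  *olen = o;
  return out;
}

int main(void)
{
  size_t n = 0;
  char *r = bounded_unescape("%FF", 1, &n); /* constructed input */
  printf("%zu byte(s): %s\n", n, r ? r : "");
  free(r);
}
```
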
CMake
docs Use opened body.out file and write content to it. 2013-06-20 22:53:37 +02:00
include bump version 2013-04-27 23:15:35 +02:00
lib Curl_urldecode: no peeking beyond end of input buffer 2013-06-22 11:21:35 +02:00
m4
packages
perl
src Updated zlib version in build files. 2013-05-11 17:08:00 +02:00
tests test506: verify that CURLOPT_COOKIELIST takes share lock 2013-06-17 23:28:35 +02:00
vs
winbuild
.gitattributes
.gitignore
acinclude.m4
buildconf
buildconf.bat
CHANGES
CHANGES.0
CMakeLists.txt
configure.ac
COPYING
CTestConfig.cmake
curl-config.in
GIT-INFO
install-sh
libcurl.pc.in
log2changes.pl
MacOSX-Framework OS X framework: fix invalid symbolic link 2013-05-09 21:51:35 +02:00
Makefile.am
Makefile.dist
maketgz
missing
mkinstalldirs
README
RELEASE-NOTES RELEASE-NOTES: synced with e305f5ec71 2013-06-20 22:27:33 +02:00
TODO-RELEASE

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.