curl/lib
Tobias Stoeckmann 94b03664de mprintf: Fix dollar string handling
Verify that specified parameters are in range. If parameters are too
large, fail early on and avoid out of boundary accesses.

Also do not read behind boundaries of illegal format strings.

These are defensive measures since it is expected that format strings
are well-formed. Format strings should not be modifiable by user
input due to possible generic format string attacks.

Closes https://github.com/curl/curl/pull/5722
2020-07-27 03:42:59 -04:00
vauth ntlm: free target_info before (re-)malloc 2020-07-26 23:48:36 +02:00
vquic ngtcp2: adjust to recent sockaddr updates 2020-07-16 23:56:42 +02:00
vssh libssh2: keep sftp errors as 'unsigned long' 2020-06-08 08:38:48 +02:00
vtls nss: fix build with disabled proxy support 2020-07-14 23:42:20 +02:00
.gitattributes
.gitignore
altsvc.c altsvc: bump to h3-29 2020-06-19 23:29:26 +02:00
altsvc.h altsvc: remove the num field from the altsvc struct 2020-06-12 23:24:11 +02:00
amigaos.c
amigaos.h
arpa_telnet.h
asyn-ares.c timeouts: move ms timeouts to timediff_t from int and long 2020-06-06 20:05:58 +02:00
asyn-thread.c build: disable more code/data when built without proxy support 2020-05-30 23:18:16 +02:00
asyn.h asyn.h: remove the Curl_resolver_getsock define 2020-07-12 18:06:50 +02:00
base64.c
checksrc.pl wording: avoid blacklist/whitelist stereotypes 2020-06-10 08:49:17 +02:00
CMakeLists.txt
config-amigaos.h
config-dos.h
config-mac.h
config-os400.h
config-plan9.h
config-riscos.h
config-symbian.h
config-tpf.h
config-vxworks.h
config-win32.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
config-win32ce.h
conncache.c conncache: download buffer needs +1 size for trailing zero 2020-05-31 17:45:57 +02:00
conncache.h
connect.c connect: improve happy eyeballs handling 2020-06-18 00:20:42 +02:00
connect.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
content_encoding.c content_encoding: add zstd decoding support 2020-07-12 18:11:37 +02:00
content_encoding.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
cookie.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
cookie.h
curl_addrinfo.c Curl_addrinfo: use one malloc instead of three 2020-06-08 16:10:53 +02:00
curl_addrinfo.h copyright: updated year ranges out of sync 2020-05-24 00:02:33 +02:00
curl_base64.h
curl_config.h.cmake content_encoding: add zstd decoding support 2020-07-12 18:11:37 +02:00
curl_ctype.c
curl_ctype.h
curl_des.c
curl_des.h
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_get_line.c
curl_get_line.h
curl_gethostname.c
curl_gethostname.h
curl_gssapi.c
curl_gssapi.h
curl_hmac.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
curl_ldap.h
curl_md4.h
curl_md5.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
curl_memory.h
curl_memrchr.c
curl_memrchr.h
curl_multibyte.c multibyte: Fixed access-> waccess to file for Windows Platform 2020-06-21 19:31:39 +02:00
curl_multibyte.h curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
curl_ntlm_core.c ntlm: enable NTLM support with wolfSSL 2020-06-16 09:06:19 +02:00
curl_ntlm_core.h ntlm: enable NTLM support with wolfSSL 2020-06-16 09:06:19 +02:00
curl_ntlm_wb.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
curl_ntlm_wb.h
curl_path.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
curl_path.h
curl_printf.h
curl_range.c
curl_range.h
curl_rtmp.c
curl_rtmp.h
curl_sasl.c build: disable more code/data when built without proxy support 2020-05-30 23:18:16 +02:00
curl_sasl.h
curl_sec.h
curl_setup_once.h tool: support UTF-16 command line on Windows 2020-05-14 18:13:36 +02:00
curl_setup.h multibyte: Fixed access-> waccess to file for Windows Platform 2020-06-21 19:31:39 +02:00
curl_sha256.h
curl_sspi.c curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
curl_sspi.h
curl_threads.c checksrc: enhance the ASTERISKSPACE and update code accordingly 2020-05-14 00:02:05 +02:00
curl_threads.h
curlx.h curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
dict.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
dict.h
doh.c doh: remove redundant cast 2020-07-21 20:00:29 +02:00
doh.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
dotdot.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
dotdot.h
dynbuf.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
dynbuf.h terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
easy.c timeouts: move ms timeouts to timediff_t from int and long 2020-06-06 20:05:58 +02:00
easyif.h
escape.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
escape.h escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
file.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
file.h
fileinfo.c
fileinfo.h
firefox-db2pem.sh
formdata.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
formdata.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
ftp.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
ftp.h
ftplistparser.c
ftplistparser.h
getenv.c
getinfo.c CURLINFO_EFFECTIVE_METHOD: added 2020-07-14 17:53:45 +02:00
getinfo.h
gopher.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
gopher.h
hash.c
hash.h
hmac.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
hostasyn.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
hostcheck.c
hostcheck.h
hostip4.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
hostip6.c hostip: make Curl_printable_address not return anything 2020-05-19 08:11:46 +02:00
hostip.c hostip: fix the memory-leak introduced in 67d2802 2020-06-02 12:43:50 +02:00
hostip.h hostip: make Curl_printable_address not return anything 2020-05-19 08:11:46 +02:00
hostsyn.c
http2.c CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream 2020-07-16 00:24:29 +02:00
http2.h
http_chunks.c trailers: switch h1-trailer logic to use dynbuf 2020-06-05 17:57:24 +02:00
http_chunks.h
http_digest.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
http_digest.h http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
http_negotiate.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
http_negotiate.h
http_ntlm.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
http_ntlm.h
http_proxy.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
http_proxy.h
http.c CURLINFO_EFFECTIVE_METHOD: added 2020-07-14 17:53:45 +02:00
http.h http2: simplify and clean up trailer handling 2020-05-07 09:49:51 +02:00
idn_win32.c curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
if2ip.c Curl_inet_ntop: always check the return code 2020-06-24 16:04:54 +02:00
if2ip.h
imap.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
imap.h
inet_ntop.c
inet_ntop.h
inet_pton.c
inet_pton.h
krb5.c
ldap.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
libcurl.plist
libcurl.rc
libcurl.vers.in
llist.c
llist.h
Makefile.am
makefile.amiga
makefile.dj
Makefile.inc vtls: Extract and simplify key log file handling from OpenSSL 2020-05-27 21:19:51 +02:00
Makefile.m32 content_encoding: add zstd decoding support 2020-07-12 18:11:37 +02:00
Makefile.netware
Makefile.vxworks
Makefile.Watcom
md4.c md(4|5): don't use deprecated macOS functions 2020-07-19 10:34:52 +02:00
md5.c md(4|5): don't use deprecated macOS functions 2020-07-19 10:34:52 +02:00
memdebug.c
memdebug.h
mime.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
mime.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
mk-ca-bundle.pl
mk-ca-bundle.vbs
mprintf.c mprintf: Fix dollar string handling 2020-07-27 03:42:59 -04:00
mqtt.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
mqtt.h
multi.c multi: remove two checks always true 2020-07-14 00:12:08 +02:00
multihandle.h Revert "multi: implement wait using winsock events" 2020-06-30 12:27:23 +02:00
multiif.h url: make sure pushed streams get an allocated download buffer 2020-06-23 15:13:27 +02:00
netrc.c
netrc.h
non-ascii.c
non-ascii.h
nonblock.c
nonblock.h
nwlib.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
nwos.c
openldap.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
parsedate.c
parsedate.h
pingpong.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
pingpong.h timeouts: change millisecond timeouts to timediff_t from time_t 2020-05-30 23:10:57 +02:00
pop3.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
pop3.h
progress.c timeouts: change millisecond timeouts to timediff_t from time_t 2020-05-30 23:10:57 +02:00
progress.h
psl.c
psl.h
quic.h connect: improve happy eyeballs handling 2020-06-18 00:20:42 +02:00
rand.c
rand.h
rename.c
rename.h
rtsp.c http: move header storage to Curl_easy from connectdata 2020-06-15 22:56:25 +02:00
rtsp.h
security.c
select.c select: remove the unused ELAPSED_MS() macro 2020-06-18 00:11:25 +02:00
select.h select: use timediff_t instead of time_t and int for timeout_ms 2020-05-30 10:20:40 +02:00
sendf.c sendf: improve the message on client write errors 2020-06-24 16:03:40 +02:00
sendf.h
setopt.c urldata: let the HTTP method be in the set.* struct 2020-06-02 16:30:36 +02:00
setopt.h setopt: support certificate options in memory with struct curl_blob 2020-05-15 13:03:59 +02:00
setup-os400.h checksrc: enhance the ASTERISKSPACE and update code accordingly 2020-05-14 00:02:05 +02:00
setup-vms.h copyright: updated year ranges out of sync 2020-05-24 00:02:33 +02:00
setup-win32.h
sha256.c sha256: move assign to the declaration line 2020-05-19 08:52:38 +02:00
share.c share: don't set the share flag if something fails 2020-06-12 09:42:52 +02:00
share.h
sigpipe.h
slist.c
slist.h
smb.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
smb.h
smtp.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
smtp.h
sockaddr.h
socketpair.c
socketpair.h
socks_gssapi.c all: fix codespell errors 2020-05-25 19:44:04 +00:00
socks_sspi.c all: fix codespell errors 2020-05-25 19:44:04 +00:00
socks.c socks: use size_t for size variable 2020-07-12 22:52:19 +02:00
socks.h
speedcheck.c
speedcheck.h
splay.c
splay.h
strcase.c
strcase.h
strdup.c strdup: remove the odd strlen check 2020-07-18 12:37:25 +02:00
strdup.h
strerror.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
strerror.h
strtok.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
strtok.h
strtoofft.c
strtoofft.h
system_win32.c
system_win32.h
telnet.c copyright: update mismatched copyright years 2020-06-22 11:55:34 +02:00
telnet.h
tftp.c escape: make the URL decode able to reject only %00 bytes 2020-06-25 09:57:18 +02:00
tftp.h
timeval.c
timeval.h
transfer.c transfer: fix memory-leak with CURLOPT_CURLU in a duped handle 2020-07-12 16:36:02 +02:00
transfer.h
url.c url: silence MSVC warning 2020-07-02 13:31:22 +02:00
url.h build: disable more code/data when built without proxy support 2020-05-30 23:18:16 +02:00
urlapi-int.h
urlapi.c terminology: call them null-terminated strings 2020-06-28 00:31:24 +02:00
urldata.h CURLINFO_EFFECTIVE_METHOD: added 2020-07-14 17:53:45 +02:00
version.c windows: add unicode to feature list 2020-07-14 08:30:17 +00:00
warnless.c
warnless.h
wildcard.c
wildcard.h
x509asn1.c source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
x509asn1.h source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00