Daniel Stenberg b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00
CMake cmake: fix struct sockaddr_storage check 2014-11-03 09:10:54 +01:00
docs INSTALL: Consistent spacing in section headings, paragraphs and examples 2014-11-04 14:07:55 +00:00
include CURL_VERSION_KERBEROS4: Mark as deprecated 2014-11-02 00:50:16 +00:00
lib curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds 2014-11-05 08:05:14 +01:00
m4 Enable poll on darwin13 2014-05-06 08:31:10 +02:00
packages OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope 2014-10-14 15:43:25 +02:00
perl
projects README: Corrected inconsistent use of --help 2014-11-04 12:32:33 +00:00
src curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds 2014-11-05 08:05:14 +01:00
tests lib544.c: use duphandle for test 545 2014-11-05 08:05:14 +01:00
winbuild newlines: fix mixed newlines to LF-only 2014-09-12 10:22:34 +02:00
.gitattributes
.gitignore gitignore: ignore .dirstamp files 2013-12-18 14:35:56 +01:00
.travis.yml Adding a .travis.yml file to use the travis-ci.org 2013-10-21 23:15:16 +02:00
acinclude.m4 configure: allow --with-ca-path with PolarSSL too 2014-09-13 14:57:21 +02:00
buildconf buildconf: update copyright year 2014-11-04 19:53:44 +01:00
buildconf.bat
CHANGES
CHANGES.0
CMakeLists.txt cmake: fix ZLIB_INCLUDE_DIRS use 2014-11-04 11:51:53 +01:00
configure.ac configure.ac: remove checks for OpenSSL NPN/ALPN funcs again 2014-10-29 22:38:39 +01:00
contributors.sh contributors.sh: split list of names at comma 2014-09-12 15:12:06 +02:00
COPYING Bumped copyright year to 2014 2014-01-02 23:53:49 +00:00
CTestConfig.cmake
curl-config.in curl-config.in: replace tabs by spaces 2013-06-22 22:08:42 +02:00
GIT-INFO
install-sh Remove all traces of FBOpenSSL SPNEGO support 2014-07-16 17:26:08 +02:00
libcurl.pc.in
log2changes.pl
MacOSX-Framework OS X framework: fix invalid symbolic link 2013-05-09 21:51:35 +02:00
Makefile.am Makefile.am: two cmake files are gone 2014-11-04 08:58:01 +01:00
Makefile.dist Added VC ssh2 target to main Makefile. 2014-10-23 19:30:19 +02:00
maketgz newlines: fix mixed newlines to LF-only 2014-09-12 10:22:34 +02:00
missing
mkinstalldirs Remove all traces of FBOpenSSL SPNEGO support 2014-07-16 17:26:08 +02:00
README
RELEASE-NOTES RELEASE-NOTES: Synced with d71ea7c01e 2014-11-02 23:20:32 +00:00
TODO-RELEASE TODO-RELEASE: cleaned up, not really maintained lately 2013-04-08 08:32:10 +02:00

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You can find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.