Google Git
Sign in
fuchsia / third_party / curl / b3875606925536f82fc61f3114ac42f29eaf6945
commitb3875606925536f82fc61f3114ac42f29eaf6945[log] [tgz]
authorDaniel Stenberg <daniel@haxx.se>Fri Oct 17 12:59:32 2014 +0200
committerDaniel Stenberg <daniel@haxx.se>Wed Nov 05 08:05:14 2014 +0100
tree229666d262222b2f34967e00fb5300ec69cda258
parentd997c8b2f6521d78c6ef63411cfeb226f7927281 [diff]
curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds

When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
9 files changed
tree: 229666d262222b2f34967e00fb5300ec69cda258
  1. CMake/
  2. docs/
  3. include/
  4. lib/
  5. m4/
  6. packages/
  7. perl/
  8. projects/
  9. src/
  10. tests/
  11. winbuild/
  12. .gitattributes
  13. .gitignore
  14. .travis.yml
  15. acinclude.m4
  16. buildconf
  17. buildconf.bat
  18. CHANGES
  19. CHANGES.0
  20. CMakeLists.txt
  21. configure.ac
  22. contributors.sh
  23. COPYING
  24. CTestConfig.cmake
  25. curl-config.in
  26. GIT-INFO
  27. install-sh
  28. libcurl.pc.in
  29. log2changes.pl
  30. MacOSX-Framework
  31. Makefile.am
  32. Makefile.dist
  33. maketgz
  34. missing
  35. mkinstalldirs
  36. README
  37. RELEASE-NOTES
  38. TODO-RELEASE