-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis
- Loading branch information
Showing
9 changed files
with
145 additions
and
61 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/*************************************************************************** | ||
* _ _ ____ _ | ||
* Project ___| | | | _ \| | | ||
* / __| | | | |_) | | | ||
* | (__| |_| | _ <| |___ | ||
* \___|\___/|_| \_\_____| | ||
* | ||
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
* | ||
* This software is licensed as described in the file COPYING, which | ||
* you should have received as part of this distribution. The terms | ||
* are also available at http://curl.haxx.se/docs/copyright.html. | ||
* | ||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
* copies of the Software, and permit persons to whom the Software is | ||
* furnished to do so, under the terms of the COPYING file. | ||
* | ||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
* KIND, either express or implied. | ||
* | ||
***************************************************************************/ | ||
#include "strdup.h" | ||
|
||
#ifndef HAVE_STRDUP | ||
char *strdup(const char *str) | ||
{ | ||
size_t len; | ||
char *newstr; | ||
|
||
if(!str) | ||
return (char *)NULL; | ||
|
||
len = strlen(str); | ||
|
||
if(len >= ((size_t)-1) / sizeof(char)) | ||
return (char *)NULL; | ||
|
||
newstr = malloc((len+1)*sizeof(char)); | ||
if(!newstr) | ||
return (char *)NULL; | ||
|
||
memcpy(newstr,str,(len+1)*sizeof(char)); | ||
|
||
return newstr; | ||
|
||
} | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#ifndef HEADER_TOOL_STRDUP_H | ||
#define HEADER_TOOL_STRDUP_H | ||
/*************************************************************************** | ||
* _ _ ____ _ | ||
* Project ___| | | | _ \| | | ||
* / __| | | | |_) | | | ||
* | (__| |_| | _ <| |___ | ||
* \___|\___/|_| \_\_____| | ||
* | ||
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
* | ||
* This software is licensed as described in the file COPYING, which | ||
* you should have received as part of this distribution. The terms | ||
* are also available at http://curl.haxx.se/docs/copyright.html. | ||
* | ||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
* copies of the Software, and permit persons to whom the Software is | ||
* furnished to do so, under the terms of the COPYING file. | ||
* | ||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
* KIND, either express or implied. | ||
* | ||
***************************************************************************/ | ||
#include "tool_setup.h" | ||
|
||
#ifndef HAVE_STRDUP | ||
extern char *strdup(const char *str); | ||
#endif | ||
|
||
#endif /* HEADER_TOOL_STRDUP_H */ |