delta/curl.git/tests/libtest/lib557.c, branch bagder/test493-https github.com: bagder/curl.git curl.se: new home 2020-11-04T22:59:47+00:00 Daniel Stenberg daniel@haxx.se 2020-11-04T13:02:01+00:00 4d2f8006777d6354d9b62eae38ebd0a0256d0f94 Closes #6172 
Closes #6172
copyright: update/correct the year range on a few files 2020-08-14T08:20:27+00:00 Daniel Stenberg daniel@haxx.se 2020-08-14T08:20:27+00:00 010fb9830b1b8503792acb59cc8b71642e2c7a9b 






mprintf: Fix stack overflows
2020-07-27T07:43:00+00:00

Tobias Stoeckmann
tobias@stoeckmann.org

2020-07-25T15:30:12+00:00

8829703b5a8d595457f3f4954cf09e6d6bae1523

Stack overflows can occur with precisions for integers and floats.

Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);

Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.

The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.

Also see CVE-2016-9586 which partially fixed the float aspect.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Closes https://github.com/curl/curl/pull/5722





Stack overflows can occur with precisions for integers and floats.

Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);

Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.

The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.

Also see CVE-2016-9586 which partially fixed the float aspect.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Closes https://github.com/curl/curl/pull/5722







copyrights: update all copyright notices to 2019 on files changed this year
2019-11-02T22:15:56+00:00

Vilhelm Prytz
vilhelm@prytznet.se

2019-10-31T20:06:19+00:00

d0319adb0c9b0931310fa57131584e15f5cba7bb

Closes #4547





Closes #4547







lib557: initialize variables
2019-04-11T19:08:41+00:00

Marcel Raad
Marcel.Raad@teamviewer.com

2019-04-05T09:18:12+00:00

d250ed4753b74889fb699a9ee638d7d2e48c2b01

These variables are only conditionally initialized.

Closes https://github.com/curl/curl/pull/3739





These variables are only conditionally initialized.

Closes https://github.com/curl/curl/pull/3739







printf: fix format specifiers
2019-01-04T22:50:48+00:00

Rikard Falkeborn
rikard.falkeborn@gmail.com

2018-09-16T20:04:49+00:00

fa2d6ba84d7f87148738f3cbccf29016dd324f87

Closes #3426





Closes #3426







build: remove HAVE_LIMITS_H check
2018-01-06T04:34:30+00:00

Jay Satiro
raysatiro@yahoo.com

2018-01-03T19:40:52+00:00

908a9a6742b1010894fae2a4a9cf797b051d6c33

.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215





.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215







code style: use spaces around pluses
2017-09-11T07:29:50+00:00

Daniel Stenberg
daniel@haxx.se

2017-09-09T21:55:08+00:00

e5743f08e7efb387bb39c0dc28f36838ece3bc1e












code style: use spaces around equals signs
2017-09-11T07:29:50+00:00

Daniel Stenberg
daniel@haxx.se

2017-09-09T21:09:06+00:00

6b84438d9a9220fb75cbaae9d6fe6c3edb6d425e












lib557: no longer use CURL_SIZEOF_* defines
2017-08-17T08:27:00+00:00

Daniel Stenberg
daniel@haxx.se

2017-08-12T13:54:06+00:00

ab2ef24d5d7576fc2f0cb57be947323376324782