- When downloading compressed content over HTTP and the app as asked libcurl

to automatically uncompress it with the CURLOPT_ENCODING option, libcurl could wrongly provide the callback with more data than what the maximum documented amount. An application could thus get tricked into badness if the maximum limit was trusted to be enforced by libcurl itself (as it is documented). This is further detailed and explained in the libcurl security advisory 20100209 at http://curl.haxx.se/docs/adv_20100209.html
author: Daniel Stenberg <daniel@haxx.se> 2010-02-09 09:35:48 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2010-02-09 09:35:48 +0000
commit: 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch)
tree: 4da3bde9c75aa774767e854132634386f6bac1d3
parent: d33da42334169ad2a1c94571fc51e3735973097b (diff)
download: curl-06ae8ca5a6e452e5cb555c1a511a9df8dec6657c.tar.gz
3 files changed, 17 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 34771d2ae..f78b2029d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,19 @@
 
                                   Changelog
 
+Daniel Stenberg (9 Feb 2010)
+- When downloading compressed content over HTTP and the app as asked libcurl
+  to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
+  could wrongly provide the callback with more data than what the maximum
+  documented amount. An application could thus get tricked into badness if the
+  maximum limit was trusted to be enforced by libcurl itself (as it is
+  documented).
+
+  This is further detailed and explained in the libcurl security advisory
+  20100209 at
+
+    http://curl.haxx.se/docs/adv_20100209.html
+
 Daniel Fandrich (3 Feb 2010)
 - Changed the Watcom makefiles to make them easier to keep in sync with
   Makefile.inc since that can't be included directly.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 22f362085..fceaafc64 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -52,6 +52,8 @@ This release includes the following bugfixes:
  o FTP file size checks with ASCII transfers
  o HTTP Cookie: headers sort cookies based on specified path lengths
  o CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls
+ o libcurl data callback excessive length:
+   http://curl.haxx.se/docs/adv_20100209.html
 
 This release includes the following known bugs:
 
@@ -66,6 +68,6 @@ advice from friends like these:
  Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko,
  Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge,
  Johan van Selst, Charles Kerr, Gil Weber, David McCreedy, Chris Conroy,
- Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich
+ Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich, Wesley Miaw
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index 85362da41..b8f57d001 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -40,7 +40,7 @@
    (doing so will reduce code size slightly). */
 #define OLD_ZLIB_SUPPORT 1
 
-#define DSIZ 0x10000             /* buffer size for decompressed data */
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
 
 #define GZIP_MAGIC_0 0x1f
 #define GZIP_MAGIC_1 0x8b
author	Daniel Stenberg <daniel@haxx.se>	2010-02-09 09:35:48 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2010-02-09 09:35:48 +0000
commit	06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch)
tree	4da3bde9c75aa774767e854132634386f6bac1d3
parent	d33da42334169ad2a1c94571fc51e3735973097b (diff)
download	curl-06ae8ca5a6e452e5cb555c1a511a9df8dec6657c.tar.gz