diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2014-10-17 12:59:32 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-11-05 08:05:14 +0100 |
| commit | b3875606925536f82fc61f3114ac42f29eaf6945 (patch) | |
| tree | 229666d262222b2f34967e00fb5300ec69cda258 /src/Makefile.inc | |
| parent | d997c8b2f6521d78c6ef63411cfeb226f7927281 (diff) | |
| download | curl-b3875606925536f82fc61f3114ac42f29eaf6945.tar.gz | |
curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
Diffstat (limited to 'src/Makefile.inc')
| -rw-r--r-- | src/Makefile.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Makefile.inc b/src/Makefile.inc index 64d55ecf9..401a635ad 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -11,7 +11,6 @@ # the official API, but we re-use the code here to avoid duplication. CURLX_CFILES = \ ../lib/strtoofft.c \ - ../lib/strdup.c \ ../lib/rawstr.c \ ../lib/nonblock.c \ ../lib/warnless.c @@ -19,7 +18,6 @@ CURLX_CFILES = \ CURLX_HFILES = \ ../lib/curl_setup.h \ ../lib/strtoofft.h \ - ../lib/strdup.h \ ../lib/rawstr.h \ ../lib/nonblock.h \ ../lib/warnless.h @@ -55,6 +53,7 @@ CURL_CFILES = \ tool_panykey.c \ tool_paramhlp.c \ tool_parsecfg.c \ + tool_strdup.c \ tool_setopt.c \ tool_sleep.c \ tool_urlglob.c \ @@ -99,6 +98,7 @@ CURL_HFILES = \ tool_setopt.h \ tool_setup.h \ tool_sleep.h \ + tool_strdup.h \ tool_urlglob.h \ tool_util.h \ tool_version.h \ |