diff options
author | Ray Satiro <raysatiro@yahoo.com> | 2016-01-26 23:23:15 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-01-26 23:42:55 +0100 |
commit | 3017d8a8d8849ebd4feae4f5eae037cd55736a61 (patch) | |
tree | 976231c185eafd16960d905dc73a7ca0c04ff59f /src/tool_doswin.h | |
parent | cea1fd7a9414b628e3b462b08ee3b64f24a689d1 (diff) | |
download | curl-3017d8a8d8849ebd4feae4f5eae037cd55736a61.tar.gz |
curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.
CVE-2016-0754
Bug: http://curl.haxx.se/docs/adv_20160127B.html
Diffstat (limited to 'src/tool_doswin.h')
-rw-r--r-- | src/tool_doswin.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/tool_doswin.h b/src/tool_doswin.h index cd216dbc5..fc83f16bb 100644 --- a/src/tool_doswin.h +++ b/src/tool_doswin.h @@ -25,7 +25,7 @@ #if defined(MSDOS) || defined(WIN32) -char *sanitize_dos_name(char *file_name); +CURLcode sanitize_file_name(char **filename); #if defined(MSDOS) && (defined(__DJGPP__) || defined(__GO32__)) |