Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/curl/patches/018-CVE-2014-8150.patch
branchs11-update
changeset 3604 74d6339fede1
equal deleted inserted replaced
3603:6ad508fa4d38 3604:74d6339fede1 
       
     1 From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
 
       
     2 From: Daniel Stenberg <[email protected]>
 
       
     3 Date: Thu, 25 Dec 2014 23:55:03 +0100
 
       
     4 Subject: [PATCH] url-parsing: reject CRLFs within URLs
 
       
     5 
       
     6 Bug: http://curl.haxx.se/docs/adv_20150108B.html
 
       
     7 Reported-by: Andrey Labunets
 
       
     8 ---
 
       
     9  lib/url.c | 7 +++++++
 
       
    10  1 file changed, 7 insertions(+)
 
       
    11 
       
    12 This fix is already available upstream in curl version 7.40.0
 
       
    13 
       
    14 --- lib/url.c.orig	2015-01-05 17:12:46.302124082 -0800
 
       
    15 +++ lib/url.c	2015-01-05 17:13:15.299976184 -0800
 
       
    16 @@ -3545,6 +3545,13 @@
 
       
    17  
       
    18    *prot_missing = FALSE;
 
       
    19  
       
    20 +  /* We might pass the entire URL into the request so we need to make sure
 
       
    21 +   * there are no bad characters in there.*/ 
       
    22 +  if(strpbrk(data->change.url, "\r\n")) {
 
       
    23 +    failf(data, "Illegal characters found in URL");
 
       
    24 +    return CURLE_URL_MALFORMAT;
 
       
    25 +  }
 
       
    26 +
 
       
    27    /*************************************************************
 
       
    28     * Parse the URL.
 
       
    29     *
upstream/oracle/userland-gate