Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/curl/patches/018-CVE-2014-8150.patch
branchs11u2-sru
changeset 4799 f6da2b76c51b
parent 4772 51a400f647ed
child 4800 5aa28a7db635 
--- a/components/curl/patches/018-CVE-2014-8150.patch	Thu Aug 13 01:28:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <[email protected]>
-Date: Thu, 25 Dec 2014 23:55:03 +0100
-Subject: [PATCH] url-parsing: reject CRLFs within URLs
-
-Bug: http://curl.haxx.se/docs/adv_20150108B.html
-Reported-by: Andrey Labunets
----
- lib/url.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-This fix is already available upstream in curl version 7.40.0
-
---- lib/url.c.orig	2015-01-05 17:12:46.302124082 -0800
-+++ lib/url.c	2015-01-05 17:13:15.299976184 -0800
-@@ -3545,6 +3545,13 @@
- 
-   *prot_missing = FALSE;
- 
-+  /* We might pass the entire URL into the request so we need to make sure
-+   * there are no bad characters in there.*/ 
-+  if(strpbrk(data->change.url, "\r\n")) {
-+    failf(data, "Illegal characters found in URL");
-+    return CURLE_URL_MALFORMAT;
-+  }
-+
-   /*************************************************************
-    * Parse the URL.
-    *
upstream/oracle/userland-gate