Google Git
Sign in
android / platform / external / curl / efbbbf4f7a92cc1b6bd5d86b0da567e7c71d0d04
commitefbbbf4f7a92cc1b6bd5d86b0da567e7c71d0d04[log] [tgz]
authorJay Satiro <raysatiro@yahoo.com>Tue Nov 14 01:19:14 2023 -0500
committerJay Satiro <raysatiro@yahoo.com>Tue Nov 14 04:14:01 2023 -0500
tree8ae4d81d2f67be6af5aef5b4558acfbfc50ccbf4
parent50bf253357a2c7d61bb136737c15df7350e2f303 [diff]
tool_cb_hdr: add an additional parsing check

- Don't dereference the past-the-end element when parsing the server's
  Content-disposition header.

As 'p' is advanced it can point to the past-the-end element and prior
to this change 'p' could be dereferenced in that case.

Technically the past-the-end element is not out of bounds because dynbuf
(which manages the header line) automatically adds a null terminator to
every buffer and that is not included in the buffer length passed to
the header callback.

Closes https://github.com/curl/curl/pull/12320
1 file changed
tree: 8ae4d81d2f67be6af5aef5b4558acfbfc50ccbf4
  1. .circleci/
  2. .github/
  3. .reuse/
  4. CMake/
  5. docs/
  6. include/
  7. lib/
  8. LICENSES/
  9. m4/
  10. packages/
  11. plan9/
  12. projects/
  13. scripts/
  14. src/
  15. tests/
  16. winbuild/
  17. .azure-pipelines.yml
  18. .cirrus.yml
  19. .dcignore
  20. .dir-locals.el
  21. .git-blame-ignore-revs
  22. .gitattributes
  23. .gitignore
  24. .mailmap
  25. acinclude.m4
  26. appveyor.yml
  27. buildconf
  28. buildconf.bat
  29. CHANGES
  30. CMakeLists.txt
  31. configure.ac
  32. COPYING
  33. curl-config.in
  34. GIT-INFO
  35. libcurl.def
  36. libcurl.pc.in
  37. MacOSX-Framework
  38. Makefile.am
  39. Makefile.dist
  40. maketgz
  41. README
  42. README.md
  43. RELEASE-NOTES
  44. SECURITY.md
README.md

curl logo

Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how.

You can find answers to the most frequent questions we get in the FAQ document.

Study the COPYING file for distribution terms.

Contact

If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.

All contributors to the project are listed in the THANKS document.

Commercial support

For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.

Website

Visit the curl website for the latest news and downloads.

Git

To download the latest source from the Git server, do this:

git clone https://github.com/curl/curl.git

(you will get a directory named curl created, filled with the source code)

Security problems

Report suspected security problems via our HackerOne page and not in public.

Notice

Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.

Backers

Thank you to all our backers! 🙏 Become a backer.

Sponsors

Support this project by becoming a sponsor.