Google Git
Sign in
android / platform / external / curl / 3017d8a8d8849ebd4feae4f5eae037cd55736a61
commit3017d8a8d8849ebd4feae4f5eae037cd55736a61[log] [tgz]
authorRay Satiro <raysatiro@yahoo.com>Tue Jan 26 23:23:15 2016 +0100
committerDaniel Stenberg <daniel@haxx.se>Tue Jan 26 23:42:55 2016 +0100
tree976231c185eafd16960d905dc73a7ca0c04ff59f
parentcea1fd7a9414b628e3b462b08ee3b64f24a689d1 [diff]
curl: avoid local drive traversal when saving file (Windows)

curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
4 files changed
tree: 976231c185eafd16960d905dc73a7ca0c04ff59f
  1. CMake/
  2. docs/
  3. include/
  4. lib/
  5. m4/
  6. packages/
  7. projects/
  8. scripts/
  9. src/
  10. tests/
  11. winbuild/
  12. .dir-locals.el
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. acinclude.m4
  17. appveyor.yml
  18. buildconf
  19. buildconf.bat
  20. CHANGES
  21. CHANGES.0
  22. CMakeLists.txt
  23. configure.ac
  24. CONTRIBUTING.md
  25. COPYING
  26. CTestConfig.cmake
  27. curl-config.in
  28. GIT-INFO
  29. libcurl.pc.in
  30. MacOSX-Framework
  31. Makefile.am
  32. Makefile.dist
  33. maketgz
  34. README
  35. RELEASE-NOTES