aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2010-09-16 23:11:48 +0200
committerDaniel Stenberg <daniel@haxx.se>2010-10-12 22:56:21 +0200
commit81f151c912105ded480c3c88a1be53ca345298a1 (patch)
treea39733015b4fb59728ba836cb352f02d241b9ead
parentb80490641414983404eda65095224535a41a12ec (diff)
header_callback: strip off file path separated with backslashes
If the filename contains a backslash, only use filename portion. The idea is that even systems that don't handle backslashes as path separators probably want that path removed for convenience. This flaw is considered a security problem, see the curl security vulnerability http://curl.haxx.se/docs/adv_20101013.html
-rw-r--r--src/main.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/main.c b/src/main.c
index 8572328cd..95b47ea3a 100644
--- a/src/main.c
+++ b/src/main.c
@@ -4368,6 +4368,18 @@ parse_filename(char *ptr, size_t len)
}
}
+ /* If the filename contains a backslash, only use filename portion. The idea
+ is that even systems that don't handle backslashes as path separators
+ probably want the path removed for convenience. */
+ q = strrchr(p, '\\');
+ if (q) {
+ p = q+1;
+ if (!*p) {
+ free(copy);
+ return NULL;
+ }
+ }
+
if(quote) {
/* if the file name started with a quote, then scan for the end quote and
stop there */