aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorLinos Giannopoulos <lgian@skroutz.gr>2019-07-05 17:48:07 +0300
committerDaniel Stenberg <daniel@haxx.se>2019-07-14 16:29:55 +0200
commit6080ea098d97393da32c6f66eb95c7144620298c (patch)
tree1c4bf7d389268ac150ac88859c52f1d6fb5aee25 /docs
parent7e8f1916d6d90b6b2a68833846a52e1ea9dbb309 (diff)
libcurl: Restrict redirect schemes
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts. For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload. Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> Closes #4094
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions