aboutsummaryrefslogtreecommitdiff
path: root/lib/curlx.h
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-04-16 16:37:40 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-04-21 23:20:36 +0200
commitb5f947b8ac0e282c61c75b69cd5b9d37dafc6959 (patch)
tree0bc44613fc2757e8112d72f491e3981879ac2bb5 /lib/curlx.h
parent31be461c6b659312100c47be6ddd5f0f569290f6 (diff)
cookie: cookie parser out of boundary memory access
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
Diffstat (limited to 'lib/curlx.h')
0 files changed, 0 insertions, 0 deletions