aboutsummaryrefslogtreecommitdiff
path: root/lib/http_negotiate.c
diff options
context:
space:
mode:
authorRay Satiro <raysatiro@yahoo.com>2016-01-26 23:23:15 +0100
committerDaniel Stenberg <daniel@haxx.se>2016-01-26 23:42:55 +0100
commit3017d8a8d8849ebd4feae4f5eae037cd55736a61 (patch)
tree976231c185eafd16960d905dc73a7ca0c04ff59f /lib/http_negotiate.c
parentcea1fd7a9414b628e3b462b08ee3b64f24a689d1 (diff)
curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
Diffstat (limited to 'lib/http_negotiate.c')
0 files changed, 0 insertions, 0 deletions