aboutsummaryrefslogtreecommitdiff
path: root/src/tool_strdup.c
AgeCommit message (Collapse)Author
2014-11-05curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of boundsDaniel Stenberg
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis