From 54c6f2c7c05d33859789bc3a1754805ee31c6edb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 26 Oct 2003 15:42:21 +0000
Subject: James Bursa found an ERRORBUFFFER overflow

---
 CHANGES | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 690eedb7e..e9b6c64c6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,13 @@
                                   Changelog
 
 
+Daniel (26 October)
+- James Bursa found out that curl_msnprintf() could write the trailing
+  zero-byte outside its given buffer size. This could happen if you generated
+  a very long error message as then libcurl would overwrite the ERRORBUFFER
+  with one byte. Using a non-existing very long local file:// name is one case
+  that could make this occur.
+
 Daniel (24 October)
 - David Hull filed bug report #829827. It identified a problem with -C - if
   the full file already was downloaded and thus the server responded with a
-- 
cgit v1.2.3