From 81f151c912105ded480c3c88a1be53ca345298a1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Sep 2010 23:11:48 +0200 Subject: header_callback: strip off file path separated with backslashes If the filename contains a backslash, only use filename portion. The idea is that even systems that don't handle backslashes as path separators probably want that path removed for convenience. This flaw is considered a security problem, see the curl security vulnerability http://curl.haxx.se/docs/adv_20101013.html --- src/main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/main.c') diff --git a/src/main.c b/src/main.c index 8572328cd..95b47ea3a 100644 --- a/src/main.c +++ b/src/main.c @@ -4368,6 +4368,18 @@ parse_filename(char *ptr, size_t len) } } + /* If the filename contains a backslash, only use filename portion. The idea + is that even systems that don't handle backslashes as path separators + probably want the path removed for convenience. */ + q = strrchr(p, '\\'); + if (q) { + p = q+1; + if (!*p) { + free(copy); + return NULL; + } + } + if(quote) { /* if the file name started with a quote, then scan for the end quote and stop there */ -- cgit v1.2.3