From 3017d8a8d8849ebd4feae4f5eae037cd55736a61 Mon Sep 17 00:00:00 2001
From: Ray Satiro <raysatiro@yahoo.com>
Date: Tue, 26 Jan 2016 23:23:15 +0100
Subject: curl: avoid local drive traversal when saving file (Windows)

curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
---
 src/tool_doswin.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/tool_doswin.h')

diff --git a/src/tool_doswin.h b/src/tool_doswin.h
index cd216dbc5..fc83f16bb 100644
--- a/src/tool_doswin.h
+++ b/src/tool_doswin.h
@@ -25,7 +25,7 @@
 
 #if defined(MSDOS) || defined(WIN32)
 
-char *sanitize_dos_name(char *file_name);
+CURLcode sanitize_file_name(char **filename);
 
 #if defined(MSDOS) && (defined(__DJGPP__) || defined(__GO32__))
 
-- 
cgit v1.2.3