From b3875606925536f82fc61f3114ac42f29eaf6945 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 17 Oct 2014 12:59:32 +0200
Subject: curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds

When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
---
 src/tool_setup.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/tool_setup.h')

diff --git a/src/tool_setup.h b/src/tool_setup.h
index c94686f96..3d7c15809 100644
--- a/src/tool_setup.h
+++ b/src/tool_setup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -67,8 +67,7 @@
 #endif
 
 #ifndef HAVE_STRDUP
-#  include "strdup.h"
-#  define strdup(ptr) curlx_strdup(ptr)
+#  include "tool_strdup.h"
 #endif
 
 #endif /* HEADER_CURL_TOOL_SETUP_H */
-- 
cgit v1.2.3