~ubuntu-branches/ubuntu/trusty/curl/trusty-updates


Viewing changes to lib/url.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-14 08:49:32 UTC
  • Revision ID: package-import@ubuntu.com-20150114084932-4b8cpxuocqs2jv8h
Tags: 7.35.0-1ubuntu2.3
* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
    tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
  - CVE-2014-8150

3710
3710
 
3711
3711
  *prot_missing = FALSE;
3712
3712
 
 
3713
  /* We might pass the entire URL into the request so we need to make sure
 
3714
   * there are no bad characters in there.*/
 
3715
  if(strpbrk(data->change.url, "\r\n")) {
 
3716
    failf(data, "Illegal characters found in URL");
 
3717
    return CURLE_URL_MALFORMAT;
 
3718
  }
 
3719
 
3713
3720
  /*************************************************************
3714
3721
   * Parse the URL.
3715
3722
   *
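
Review bot: The comment above the strpbrk() check says "bad characters", but the test only covers CR and LF. Naming those two in the comment and in the failf() text ("Illegal characters found in URL") would tell the caller exactly what was rejected. The check passes data->change.url to strpbrk() with no NULL test in the visible lines, so confirm that the URL is guaranteed non-NULL before this point or add a guard. Style nit: the comment's closing "there.*/" is missing a space before "*/".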