author Daniel Stenberg <daniel@haxx.se> 2005-09-27 09:13:39 +0000
committer Daniel Stenberg <daniel@haxx.se> 2005-09-27 09:13:39 +0000
commit b4c53e2cfd11fa9fec43d766fbec1a06931de11d
tree 2e44596fe0dc87fb30ac8c995be8542bb11d7f29
parent a2902de67c3bf044a19419f8826521a963baaa7f
An anonymous submitter filed bug #1299181
(http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly problem with Content-Range: headers with the 'bytes' keyword written in a different case than all lowercase! It would cause a segfault!
-rw-r--r-- CHANGES 5
-rw-r--r-- RELEASE-NOTES 5
-rw-r--r-- lib/transfer.c 8
3 files changed, 14 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index dcb8a46c4..56b53a71e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,11 @@
Daniel (27 September 2005)
+- An anonymous submitter filed bug #1299181
+ (http://curl.haxx.se/bug/view.cgi?id=1299181) that identified a silly
+ problem with Content-Range: headers with the 'bytes' keyword written in a
+ different case than all lowercase! It would cause a segfault!
+
- TJ Saunders of the proftpd project identified and pointed out problems with
the modified FTPS negotiation change of August 19 2005. Thus, we revert the
change back to pre-7.14.1 status.
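Review bot: the added entry records the symptom (a segfault when the 'bytes' keyword is not all lowercase) but not the fix. A closing sentence saying the keyword is now matched case-insensitively, as the lib/transfer.c change does with Curl_strcasestr(), would make the entry self-explanatory for someone reading CHANGES without the diff.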
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0db7c9459..fc020b281 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o HTTP Content-Range header parser crash
o FTPS negotiation timeouts/errors
o SSPI works even for Windows 9x
o crash in --dump-header on FTP
@@ -23,6 +24,10 @@ This release includes the following bugfixes:
Other curl-related news since the previous public release:
+ o All curl relatd mailing list information and subscribers on cool.haxx.se
+ were lost due to a malicious user exploiting a security hole on the
+ server. Attempts have been made to put back susbcribers on the lists, but
+ many have been lost.
o New S-Lang binding: http://curl.haxx.se/libcurl/slang/
o TclCurl 0.14.1: http://personal1.iddeo.es/andresgarci/tclcurl/english/
o pycurl 7.14.1: http://pycurl.sf.net/
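Review bot: two typos in the added mailing-list entry: "relatd" should be "related" and "susbcribers" should be "subscribers".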
diff --git a/lib/transfer.c b/lib/transfer.c
index 996d133c9..13f31e9bc 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -880,11 +880,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
/* Content-Range: bytes [num]-
Content-Range: bytes: [num]-
- The second format was added August 1st 2000 by Igor
- Khristophorov since Sun's webserver JavaWebServer/1.1.1
- obviously sends the header this way! :-( */
+ The second format was added since Sun's webserver
+ JavaWebServer/1.1.1 obviously sends the header this way!
+ */
- char *ptr = strstr(k->p, "bytes");
+ char *ptr = Curl_strcasestr(k->p, "bytes");
ptr+=5;
if(*ptr == ':')
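Review bot: the return value of Curl_strcasestr() is used without a NULL check. `ptr+=5;` and `if(*ptr == ':')` follow the search directly, so in the lines shown a Content-Range: value that contains no "bytes" token in any case would still advance and dereference an invalid pointer, which is the same crash class this commit addresses. Suggest guarding with `if(ptr)` before advancing and skipping the range handling otherwise. The diffstat lists only CHANGES, RELEASE-NOTES and lib/transfer.c, so a regression test that sends a mixed-case keyword such as `Bytes` would be worth adding alongside the fix.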