[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 198/208: file: output the correct buffer to the use
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 198/208: file: output the correct buffer to the user |
Date: |
Wed, 09 Aug 2017 17:36:35 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.55.0
in repository gnurl.
commit c9332fa5e84f24da300b42b1a931ade929d3e27d
Author: Even Rouault <address@hidden>
AuthorDate: Tue Aug 1 17:17:06 2017 +0200
file: output the correct buffer to the user
Regression brought by 7c312f84ea930d8 (April 2017)
CVE-2017-1000099
Bug: https://curl.haxx.se/docs/adv_20170809C.html
Credit to OSS-Fuzz for the discovery
---
lib/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/file.c b/lib/file.c
index bd426eac2..666cbe75b 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -501,7 +501,7 @@ static CURLcode file_do(struct connectdata *conn, bool
*done)
tm->tm_hour,
tm->tm_min,
tm->tm_sec);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
if(!result)
/* set the file size to make it available post transfer */
Curl_pgrsSetDownloadSize(data, expected_size);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 42/208: http2: fix OOM crash, (continued)
- [GNUnet-SVN] [gnurl] 42/208: http2: fix OOM crash, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 163/208: tool_help: clarify --include is only for response headers, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 206/208: THANKS: 20 new contributors in 7.55.0, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 183/208: test130: verify comments in .netrc, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 142/208: travis: install libssh2, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 135/208: errno: fix non-windows builds after af0216251b94e7, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 67/208: winbuild: fix boringssl build, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 168/208: libcurl: Stop using error codes defined under CURL_NO_OLDIES, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 48/208: lib1521: add curl_easy_getinfo calls to the test set, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 184/208: darwinssl: fix curlssl_sha256sum() compiler warnings on first argument, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 198/208: file: output the correct buffer to the user,
gnunet <=
- [GNUnet-SVN] [gnurl] 171/208: curl_setup: Define CURL_NO_OLDIES for building libcurl, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 192/208: RELEASE-NOTES: synced with 561e9217c, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 189/208: travis: explicitly specify dist, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 178/208: travis: build osx with libressl too, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 187/208: travis: add osx build with darwinssl, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 139/208: ISSUE_TEMPLATE: Add a comment not to file security issues on github, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 164/208: AppVeyor: now really use CURL_WERROR, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 79/208: progress: prevent resetting t_starttransfer, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 201/208: curl: detect and bail out early on parameter integer overflows, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 173/208: BUGS: clarify how to report security related bugs, gnunet, 2017/08/09