generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- When downloading compressed content over HTTP and the app as asked libcurl

Browse Source 
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
  could wrongly provide the callback with more data than what the maximum
  documented amount. An application could thus get tricked into badness if the
  maximum limit was trusted to be enforced by libcurl itself (as it is
  documented).

  This is further detailed and explained in the libcurl security advisory
  20100209 at

    http://curl.haxx.se/docs/adv_20100209.html
This commit is contained in:
Daniel Stenberg
2010-02-09 09:35:48 +00:00
parent d33da42334
commit 06ae8ca5a6
3 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/content_encoding.c
View File

@@ -40,7 +40,7 @@
(doing so will reduce code size slightly). */
#define OLD_ZLIB_SUPPORT 1
#define DSIZ 0x10000 /* buffer size for decompressed data */
#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
#define GZIP_MAGIC_0 0x1f
#define GZIP_MAGIC_1 0x8b