James Bursa found an ERRORBUFFFER overflow

2003-10-26 15:42:21 +00:00
parent 4cccceb034
commit 54c6f2c7c0
2 changed files with 10 additions and 1 deletions
--- a/7
+++ b/7
@@ -7,6 +7,13 @@
                                  Changelog


+Daniel (26 October)
+- James Bursa found out that curl_msnprintf() could write the trailing
+  zero-byte outside its given buffer size. This could happen if you generated
+  a very long error message as then libcurl would overwrite the ERRORBUFFER
+  with one byte. Using a non-existing very long local file:// name is one case
+  that could make this occur.
+
 Daniel (24 October)
 - David Hull filed bug report #829827. It identified a problem with -C - if
  the full file already was downloaded and thus the server responded with a