luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0f54bfd803
curl/docs/libcurl
History
Daniel Stenberg 0f54bfd803
libcurl/opts: do not save files in dirs where attackers have access 
libcurl cannot fully protect against attacks where an attacker has write
access to the same directory where it is directed to save files. This is
particularly sensitive if you save files using elevated privileges.

Previously only mentioned in VULN-DISCLOSURE-POLICY.md.

Highlighted-by: Donguk Kim

Closes #16051
2025-01-20 10:34:37 +01:00
..
opts libcurl/opts: do not save files in dirs where attackers have access 2025-01-20 10:34:37 +01:00
.gitignore gitignore: the generated libcurl-symbols.md 2024-01-25 16:34:06 +01:00
ABI.md docs: use present tense 2024-02-27 09:47:21 +01:00
CMakeLists.txt cmake: namespace functions and macros 2024-12-16 21:55:00 +01:00
curl_easy_cleanup.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_duphandle.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_escape.md curl_easy_escape.md: move historic details to HISTORY 2024-07-23 11:24:19 +02:00
curl_easy_getinfo.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_header.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_init.md docs: use lowercase curl and libcurl 2025-01-02 17:15:54 +01:00
curl_easy_nextheader.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_by_id.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_by_name.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_next.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_pause.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_perform.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_recv.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_reset.md docs: use lowercase curl and libcurl 2025-01-02 17:15:54 +01:00
curl_easy_send.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_setopt.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_easy_ssls_export.md curl_easy_ssls_export/import.md: made for TLS protocols 2025-01-13 23:39:31 +01:00
curl_easy_ssls_import.md curl_easy_ssls_export/import.md: made for TLS protocols 2025-01-13 23:39:31 +01:00
curl_easy_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_unescape.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_easy_upkeep.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_escape.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formadd.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formfree.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formget.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_free.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_getdate.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_getenv.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_global_cleanup.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_global_init_mem.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_global_init.md tidy-up: OS names 2024-08-04 19:17:45 +02:00
curl_global_sslset.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_global_trace.md vtls: feature ssls-export for SSL session im-/export 2025-01-08 23:32:07 +01:00
curl_mime_addpart.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_data_cb.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_data.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_encoder.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_filedata.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_filename.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_free.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_headers.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_init.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_name.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_subparts.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mime_type.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_mprintf.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_multi_add_handle.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_assign.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_cleanup.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_fdset.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_get_handles.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_info_read.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_init.md docs/libcurl: expand multi documentation 2024-10-01 15:17:17 +02:00
curl_multi_perform.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_poll.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_remove_handle.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_setopt.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_socket_action.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_socket_all.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_socket.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_timeout.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_wait.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_multi_waitfds.md curl_multi_waitfds.md: tidy up the example 2025-01-19 11:45:25 +01:00
curl_multi_wakeup.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_pushheader_byname.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_pushheader_bynum.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_cleanup.md docs/libcurl: add to cleanup docs that their inputs go invalid 2024-07-23 11:18:46 +02:00
curl_share_init.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_setopt.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_slist_append.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_slist_free_all.md docs/libcurl: add to cleanup docs that their inputs go invalid 2024-07-23 11:18:46 +02:00
curl_strequal.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_strnequal.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_unescape.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_url_cleanup.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_url_dup.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_url_get.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_url_set.md curl_url_set.md: adjust the added-in to 7.62.0 2024-12-24 00:42:38 +01:00
curl_url_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_url.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_version_info.md vtls: feature ssls-export for SSL session im-/export 2025-01-08 23:32:07 +01:00
curl_version.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_ws_meta.md ws-docs: remove the outdated texts saying ws support is experimental 2024-12-15 18:14:52 +01:00
curl_ws_recv.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
curl_ws_send.md docs/libcurl: return value overhall 2025-01-02 16:58:05 +01:00
libcurl-easy.md curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
libcurl-env-dbg.md websocket: fix message send corruption 2025-01-16 16:19:07 -05:00
libcurl-env.md tidy-up: spelling quiche and Rustls 2024-08-20 00:44:10 +02:00
libcurl-errors.md curl.h: mark two error codes as obsolete 2024-11-16 23:39:04 +01:00
libcurl-multi.md curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
libcurl-security.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-share.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-thread.md tidy-up: URL updates 2024-07-30 21:27:12 +02:00
libcurl-tutorial.md tidy-up: misc spelling (bit, ASCII) 2024-08-15 15:30:09 +02:00
libcurl-url.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-ws.md ws-docs: remove the outdated texts saying ws support is experimental 2024-12-15 18:14:52 +01:00
libcurl.m4 misc: Fix typos in docs and lib 2024-03-01 09:59:48 +01:00
libcurl.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
Makefile.am docs: dist curl*.1 and install without perl 2024-02-20 10:35:13 +01:00
Makefile.inc vtls: feature ssls-export for SSL session im-/export 2025-01-08 23:32:07 +01:00
mksymbolsmanpage.pl curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
symbols-in-versions getinfo: provide info which auth was used for HTTP and proxy 2024-12-23 23:03:54 +01:00
symbols.pl docs: remove use of the word 'very' 2023-09-07 22:52:07 +02:00