luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39e21794a7
curl/docs/libcurl
History
Jay Satiro 39e21794a7 cookie: fix crash in netscape cookie parsing 
- Parse the input string without modifying it.

Prior to this change a segfault could occur if the input string was
const because the tokenizer modified the input string. For example if
the user set CURLOPT_COOKIELIST to a const string then libcurl would
likely cause a crash when modifying that string. Even if the string was
not const or a crash did not occur there was still the incorrect and
unexpected modification of the user's input string.

This issue was caused by 30da1f59 (precedes 8.11.0) which refactored
some options parsing and eliminated the copy of the input string. Also,
an earlier commit f88cc654 incorrectly cast the input pointer when
passing it to strtok.

Co-authored-by: Daniel Stenberg

Closes https://github.com/curl/curl/pull/15826
2024-12-27 13:16:08 -05:00
..
opts cookie: fix crash in netscape cookie parsing 2024-12-27 13:16:08 -05:00
.gitignore gitignore: the generated libcurl-symbols.md 2024-01-25 16:34:06 +01:00
ABI.md docs: use present tense 2024-02-27 09:47:21 +01:00
CMakeLists.txt cmake: namespace functions and macros 2024-12-16 21:55:00 +01:00
curl_easy_cleanup.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_duphandle.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_escape.md curl_easy_escape.md: move historic details to HISTORY 2024-07-23 11:24:19 +02:00
curl_easy_getinfo.md getinfo: provide info which auth was used for HTTP and proxy 2024-12-23 23:03:54 +01:00
curl_easy_header.md curl_easy_handler.md: fix language 2024-09-02 10:45:12 +02:00
curl_easy_init.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_nextheader.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_by_id.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_by_name.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_option_next.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_pause.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_perform.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_recv.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_reset.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_send.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_setopt.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_easy_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_easy_unescape.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_easy_upkeep.md easy: fix curl_easy_upkeep for shared connection caches 2024-08-04 18:41:18 -04:00
curl_escape.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formadd.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formfree.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_formget.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_free.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_getdate.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_getenv.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_global_cleanup.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_global_init_mem.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_global_init.md tidy-up: OS names 2024-08-04 19:17:45 +02:00
curl_global_sslset.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_global_trace.md smtp: add tracing feature 2024-08-14 11:51:55 +02:00
curl_mime_addpart.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_data_cb.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_data.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_encoder.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_filedata.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_filename.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_free.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_headers.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_init.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_name.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_subparts.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mime_type.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_mprintf.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_multi_add_handle.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_assign.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_cleanup.md docs/libcurl: expand multi documentation 2024-10-01 15:17:17 +02:00
curl_multi_fdset.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_get_handles.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_info_read.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_init.md docs/libcurl: expand multi documentation 2024-10-01 15:17:17 +02:00
curl_multi_perform.md curl_multi_perform.md: fix typo 2024-10-19 12:34:27 -04:00
curl_multi_poll.md docs: fix some examples in man pages 2024-08-23 09:00:08 -07:00
curl_multi_remove_handle.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_setopt.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_socket_action.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_socket_all.md curl_multi_socket_all.md: soften the deprecation warning 2024-11-18 14:17:14 -05:00
curl_multi_socket.md curl_multi_socket_all.md: soften the deprecation warning 2024-11-18 14:17:14 -05:00
curl_multi_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_timeout.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_wait.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_multi_waitfds.md docs: fix some examples in man pages 2024-08-23 09:00:08 -07:00
curl_multi_wakeup.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_pushheader_byname.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_pushheader_bynum.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_cleanup.md docs/libcurl: add to cleanup docs that their inputs go invalid 2024-07-23 11:18:46 +02:00
curl_share_init.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_setopt.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_share_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_slist_append.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_slist_free_all.md docs/libcurl: add to cleanup docs that their inputs go invalid 2024-07-23 11:18:46 +02:00
curl_strequal.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_strnequal.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_unescape.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_url_cleanup.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_url_dup.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_url_get.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_url_set.md curl_url_set.md: adjust the added-in to 7.62.0 2024-12-24 00:42:38 +01:00
curl_url_strerror.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_url.md curldown: fixups 2024-07-19 17:03:25 +02:00
curl_version_info.md tidy-up: misc spelling (bit, ASCII) 2024-08-15 15:30:09 +02:00
curl_version.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
curl_ws_meta.md ws-docs: remove the outdated texts saying ws support is experimental 2024-12-15 18:14:52 +01:00
curl_ws_recv.md curl_ws_recv.md: fix typo 2024-12-27 00:37:53 -05:00
curl_ws_send.md ws-docs: remove the outdated texts saying ws support is experimental 2024-12-15 18:14:52 +01:00
libcurl-easy.md curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
libcurl-env-dbg.md NTLM_WB: delete remains in tests, docs updates 2024-09-10 14:13:36 +02:00
libcurl-env.md tidy-up: spelling quiche and Rustls 2024-08-20 00:44:10 +02:00
libcurl-errors.md curl.h: mark two error codes as obsolete 2024-11-16 23:39:04 +01:00
libcurl-multi.md curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
libcurl-security.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-share.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-thread.md tidy-up: URL updates 2024-07-30 21:27:12 +02:00
libcurl-tutorial.md tidy-up: misc spelling (bit, ASCII) 2024-08-15 15:30:09 +02:00
libcurl-url.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
libcurl-ws.md ws-docs: remove the outdated texts saying ws support is experimental 2024-12-15 18:14:52 +01:00
libcurl.m4 misc: Fix typos in docs and lib 2024-03-01 09:59:48 +01:00
libcurl.md GHA: silence proselint warnings and an error 2024-10-15 16:44:17 +02:00
Makefile.am docs: dist curl*.1 and install without perl 2024-02-20 10:35:13 +01:00
Makefile.inc lib: add curl_multi_waitfds 2024-04-09 16:53:40 +02:00
mksymbolsmanpage.pl curldown: make 'added-in:' a mandatory header field 2024-07-18 18:04:09 +02:00
symbols-in-versions getinfo: provide info which auth was used for HTTP and proxy 2024-12-23 23:03:54 +01:00
symbols.pl docs: remove use of the word 'very' 2023-09-07 22:52:07 +02:00