projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d33da42) | patch
- When downloading compressed content over HTTP and the app as asked libcurl
authorDaniel Stenberg <daniel@haxx.se>
Tue, 9 Feb 2010 09:35:48 +0000 (09:35 +0000)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 9 Feb 2010 09:35:48 +0000 (09:35 +0000)
commit06ae8ca5a6e452e5cb555c1a511a9df8dec6657c
tree4da3bde9c75aa774767e854132634386f6bac1d3tree | snapshot
parentd33da42334169ad2a1c94571fc51e3735973097bcommit | diff
- When downloading compressed content over HTTP and the app as asked libcurl
  to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
  could wrongly provide the callback with more data than what the maximum
  documented amount. An application could thus get tricked into badness if the
  maximum limit was trusted to be enforced by libcurl itself (as it is
  documented).

  This is further detailed and explained in the libcurl security advisory
  20100209 at

    http://curl.haxx.se/docs/adv_20100209.html
CHANGES diff | blob | history
RELEASE-NOTES diff | blob | history
lib/content_encoding.c diff | blob | history
Domain: Network & Connectivity / Data Network;