Permalink
Browse files

James Bursa found an ERRORBUFFFER overflow

  • Loading branch information...
1 parent 4cccceb commit 54c6f2c7c05d33859789bc3a1754805ee31c6edb @bagder bagder committed Oct 26, 2003
Showing with 10 additions and 1 deletion.
  1. +7 −0 CHANGES
  2. +3 −1 RELEASE-NOTES
View
@@ -7,6 +7,13 @@
Changelog
+Daniel (26 October)
+- James Bursa found out that curl_msnprintf() could write the trailing
+ zero-byte outside its given buffer size. This could happen if you generated
+ a very long error message as then libcurl would overwrite the ERRORBUFFER
+ with one byte. Using a non-existing very long local file:// name is one case
+ that could make this occur.
+
Daniel (24 October)
- David Hull filed bug report #829827. It identified a problem with -C - if
the full file already was downloaded and thus the server responded with a
View
@@ -24,6 +24,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o a rare ERRORBUFFER single-byte overflow was fixed
o HTTP-resuming an already downloaded file works better
o builds better on Solaris 8+ with gcc
o --disable-eprt works now
@@ -81,6 +82,7 @@ advice from friends like these:
Neil Spring, Siddhartha Prakash Jain, Jon Turner, Vincent Bronner, Shard,
Jeremy Friesner, Florian Schoppmann, Neil Dunbar, Frank Ticheler, Lachlan
O'Dea, Dirk Manske, Domenico Andreoli, Gisle Vanem, Kimmo Kinnunen, Andrew
- Fuller, Georg Horn, Andr�s Garc�a, Dylan Ellicott, Kevin Roth, David Hull
+ Fuller, Georg Horn, Andr�s Garc�a, Dylan Ellicott, Kevin Roth, David Hull,
+ James Bursa
Thanks! (and sorry if I forgot to mention someone)

0 comments on commit 54c6f2c

Please sign in to comment.