diff --git a/CHANGES b/CHANGES index 95a9c2a49db85b..bd2a1a7e9e3119 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,17 @@ Changelog +Daniel (16 March 2006) +- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included + in the release archive. + +Daniel (14 March 2006) +- David McCreedy fixed: + + a bad SSL error message when OpenSSL certificates are verified fine. + + a missing return code assignment in the FTP code + Daniel (7 March 2006) - Markus Koetter filed debian bug report #355715 which identified a problem with the multi interface and multi-part formposts. The fix from February diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 4de87c211be7d3..5ce5b8e11217e9 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -11,25 +11,30 @@ Curl and libcurl 7.15.3 This release includes the following changes: - o + o added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD This release includes the following bugfixes: + o TFTP Packet Buffer Overflow Vulnerability: + http://curl.haxx.se/docs/adv_20060320.html + o properly detecting problems with sending the FTP command USER + o wrong error message shown when certificate verification failed o multi-part formpost with multi interface crash o the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged - o "SSL: couldn't set callback" is now a less serious problem + o "SSL: couldn't set callback" is now treated as a less serious problem o Interix build fix - o fixed "hang" when out of file handles at start + o fixed curl "hang" when out of file handles at start o prevent FTP uploads to URLs with trailing slash Other curl-related news since the previous public release: o pycurl-7.15.2 has been released: http://pycurl.sf.net + o http://curl.download.nextag.com/ is a new US curl web mirror! This release would not have looked like this without help, code, reports and advice from friends like these: Gisle Vanem, Dan Fandrich, Thomas Klausner, Todd Vierling, Peter Heuchert, - Markus Koetter + Markus Koetter, David McCreedy, Tor Arntsen Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/tftp.c b/lib/tftp.c index da250fca871c8e..6560a484d15c9e 100644 --- a/lib/tftp.c +++ b/lib/tftp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -271,8 +271,9 @@ static void tftp_send_first(tftp_state_data_t *state, tftp_event_t event) /* If we are downloading, send an RRQ */ state->spacket.event = htons(TFTP_EVENT_RRQ); } - sprintf((char *)state->spacket.u.request.data, "%s%c%s%c", - filename, '\0', mode, '\0'); + snprintf((char *)state->spacket.u.request.data, + sizeof(state->spacket.u.request.data), + "%s%c%s%c", filename, '\0', mode, '\0'); sbytes = 4 + (int)strlen(filename) + (int)strlen(mode); sbytes = sendto(state->sockfd, (void *)&state->spacket, sbytes, 0, @@ -533,7 +534,7 @@ CURLcode Curl_tftp_connect(struct connectdata *conn, bool *done) * The TFTP code is not portable because it sends C structs directly over * the wire. Since C gives compiler writers a wide latitude in padding and * aligning structs, this fails on many architectures (e.g. ARM). - * + * * The only portable way to fix this is to copy each struct item into a * flat buffer and send the flat buffer instead of the struct. The * alternative, trying to get the compiler to eliminate padding bytes