commit the patch

curl · Dec 15, 2010 · 7ab3f69 · 7ab3f69
1 parent 29b37fd
commit 7ab3f69
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/curl-content-disposition.patch b/curl-content-disposition.patch
@@ -0,0 +1,36 @@
+commit 83ae6a0cecfd9c420e1fe153daf5be4e044b0929
+Author: Daniel Stenberg <[email protected]>
+Date:   Thu Sep 16 23:11:48 2010 +0200
+
+    header_callback: strip off file path separated with backslashes
+
+    If the filename contains a backslash, only use filename portion. The
+    idea is that even systems that don't handle backslashes as path
+    separators probably want that path removed for convenience.
+
+    This flaw is considered a security problem, see the curl security
+    vulnerability http://curl.haxx.se/docs/adv_20101013.html
+
+diff --git a/src/main.c b/src/main.c
+index 8572328..95b47ea 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -4368,6 +4368,18 @@ parse_filename(char *ptr, size_t len)
+     }
+   }
+
++  /* If the filename contains a backslash, only use filename portion. The idea
++     is that even systems that don't handle backslashes as path separators
++     probably want the path removed for convenience. */
++  q = strrchr(p, '\\');
++  if (q) {
++    p = q+1;
++    if (!*p) {
++      free(copy);
++      return NULL;
++    }
++  }
++
+   if(quote) {
+     /* if the file name started with a quote, then scan for the end quote and
+        stop there */