cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Metalink support patch for curl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 28 Jun 2012 23:40:41 +0200 (CEST)

On Thu, 28 Jun 2012, Tatsuhiro Tsujikawa wrote:

> I changed libmetalink code not to allow '.' in the first character in path
> or filename following the last slash.

What about "../" occurances? Like a file name called "/home/../../etc/passwd"
...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2012-06-28

This message: [ Message body ]
Next message: Marco A. Cruz Quevedo: "Re: Program too big to fit in memory"
Previous message: Bill Mercer: "RE: Program too big to fit in memory"
In reply to: Tatsuhiro Tsujikawa: "Re: Metalink support patch for curl"
Next in thread: Tatsuhiro Tsujikawa: "Re: Metalink support patch for curl"
Reply: Tatsuhiro Tsujikawa: "Re: Metalink support patch for curl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]