curl-users
Windows cURL command line tool output problem
Date: Fri, 29 Jan 2016 15:56:05 +0000
I was doing some testing today with the latest cURL build 7.47.0.
I believe the issue is related to the recent fix for the CVE-2016-0754 issue (http://curl.haxx.se/docs/adv_20160127B.html)
C:\temp>curl --version
curl 7.47.0 (x86_64-pc-win32) libcurl/7.47.0 OpenSSL/1.0.2f zlib/1.2.8 WinIDN libssh2/1.6.0 nghttp2/1.7.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz TLS-SRP HTTP2
Tried downloading a file as follows:
curl www.google.com -o c:\temp\google.html
The output does not get saved in a file called google.html in the C:\temp folder but 'c__temp_google.html' in the current working folder.
curl www.google.com -o \temp\google.html
The output does not get saved in a file called google.html in the \temp folder on the current drive but '_temp_google.html' in the current working folder.
This indicates that colons and backslashes are converted to underscrores even for the -o command
The advisory indicates that this issue only applies to using the uppercase O and J options (and their respective long versions) but it seems to also affect the lower-case -o option as well as the --output.
The 7.46 build is not affected by this.
Octavio Schroeder
Lead Product Engineer
Cogeco Peer 1
Unstoppable Enterprises Live Here
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2016-01-29