curl-tracker Archives
[curl:bugs] #1234 libcurl_tutorial.3 contains incorrect backslash
From: Dan Fandrich <dfandrich_at_users.sf.net>
Date: Mon, 03 Jun 2013 19:07:51 +0000
I think an example with the slash would get more mileage than one without. Not that this is supposed to be an exhaustive list of possible file names with security implications, but my idea was that another example might cause readers to realize that there's more than just one character to worry about.
--- ** [bugs:#1234] libcurl_tutorial.3 contains incorrect backslash** **Status:** closed-fixed **Created:** Tue May 28, 2013 11:28 AM UTC by Eric S. Raymond **Last Updated:** Mon Jun 03, 2013 06:54 PM UTC **Owner:** Daniel Stenberg --- libcurl-tutorial.3-unpatched 2013-05-28 07:24:46.577949934 -0400 +++ libcurl-tutorial.3 2013-05-28 07:25:06.161949568 -0400 @@ -1246,7 +1246,7 @@ could also use CURLINFO_EFFECTIVE_URL to generate a file name from a server-supplied redirect URL. Special care must be taken to sanitize such names to avoid the possibility of a malicious server supplying one like -"/etc/passwd", "\autoexec.bat" or even ".bashrc". +"/etc/passwd", "autoexec.bat" or even ".bashrc". .IP "Server Certificates" A secure application should never use the CURLOPT_SSL_VERIFYPEER option to --- Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1234/> To unsubscribe from further messages, please visit <https://sourceforge.net/auth/subscriptions/>Received on 2013-06-03 These mail archives are generated by hypermail. |
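Review bot: On the changed line, dropping the backslash from "\autoexec.bat" removes the list's only Windows path-separator example instead of fixing how it renders. This file is roff source, where a lone backslash starts an escape sequence, so a literal backslash should be written with the \e escape, giving "\eautoexec.bat". That keeps a root-anchored Windows name next to "/etc/passwd" and ".bashrc", which better supports the sentence's point that a server-supplied file name has to be sanitized for more than one kind of dangerous character.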