granicus.if.org Git - curl/commit

author	Daniel Stenberg <daniel@haxx.se>
	Fri, 23 Dec 2011 12:24:16 +0000 (13:24 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 24 Jan 2012 07:54:26 +0000 (08:54 +0100)
commit	75ca568fa1c19de4c5358fed246686de8467c238
tree	3defa5cba8cb2105499cc762810274d27d44cfd6	tree \| snapshot
parent	db1a856b4f7cf6ae334fb0656b26a18eea317000	commit \| diff

URL sanitize: reject URLs containing bad data

Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich

lib/escape.c		diff \| blob \| history
lib/escape.h		diff \| blob \| history
lib/imap.c		diff \| blob \| history
lib/pop3.c		diff \| blob \| history
lib/smtp.c		diff \| blob \| history