
Re: 6.5.2 buffer overflow.

From: Daniel Stenberg <Daniel.Stenberg_at_haxx.nu>
Date: Tue, 9 May 2000 14:34:38 +0200 (MET DST)

On Tue, 9 May 2000, Janne Johansson wrote:

> Unfortunately, it's non-exploitable as far as I can see on OpenBSD-m68k.
> ;-)

Confirmed flaw.

Since it isn't overwriting the stack, the risk is a lot smaller for an
exploit. I can't tell for sure for all kinds of weird hardware architectures
though.

This would only be of any actual risk if there are people running curl within
suid scripts invoked by users.

[good fix cut out]

> Maybe the string url should be check at some earlier point, in main.c or
> something, but at least this prevents the simplest SEGV's.

Your fix removes this problem perfectly well. I chose to make it slightly
different, but with the same basic concept (as you suggested, I do it at an
earlier point and thus reduce the number of times the check has to be
made).

My fix is in the CVS by the time you read this.

-- 
   Daniel Stenberg - http://www.contactor.se/~dast - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Received on 2000-05-09