cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-1299181 ] libcurl/curl coredumps on Content-Range header

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Thu, 22 Sep 2005 15:09:28 -0700

Bugs item #1299181, was opened at 2005-09-22 15:07
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1299181&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: crash
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Daniel Stenberg (bagder)
Summary: libcurl/curl coredumps on Content-Range header

Initial Comment:
in transfer.c near line 879, version 7.14.1:

====
            else if (Curl_compareheader(k->p,
"Content-Range:", "bytes")) {
              /* Content-Range: bytes [num]-
                 Content-Range: bytes: [num]-

                 The second format was added August 1st
2000 by Igor
                 Khristophorov since Sun's webserver
JavaWebServer/1.1.1
                 obviously sends the header this way!
:-( */

              char *ptr = strstr(k->p, "bytes");
              ptr+=5;

              if(*ptr == ':')
...

====

if Content-Range header uses "Bytes" instead of
"bytes", it coredumps because Curl_compareheader uses
case insensitive string comparison. And strstr is case
sensitive. If the word "bytes" is not all in lower
case, ptr will be NULL. *(ptr+5) will crash.

Since whether the header is in lower or upper case does
not matter, I just added a few lines of code before strstr:

              char *c = k->p;
              while (*c != '\0') {
                *c = tolower(*c);
                c++;
              }

and the problem is fixed.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2005-09-22 15:09

Message:
Logged In: NO

A quick way to reproduce the problem:

bash% curl
'http://www.surclaro.com/user.php?op=userinfo&bypass=1&uname=jimmykins35'

this will coredump.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1299181&group_id=976
Received on 2005-09-23

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET