From dbc6fe3e84a592bf69f140311a79c9116e561ad8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 15 Nov 2008 23:47:01 +0000
Subject: [PATCH] my recent changes

---
 CHANGES       | 13 +++++++++++++
 RELEASE-NOTES |  6 ++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8bc8ee1421..99cd29ceb6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,19 @@
 
                                   Changelog
 
+Daniel Stenberg (16 Nov 2008)
+- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c
+  - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do
+  for example -O on a url with a file name part longer than PATH_MAX letters
+
+- lib/nss.c fixes based on the report by Jim Meyering: I went over and added
+  checks for return codes for all calls to malloc and strdup that were
+  missing. I also changed a few malloc(13) to use arrays on the stack and a
+  few malloc(PATH_MAX) to instead use aprintf() to lower memory use.
+
+- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
+  in use.
+
 Daniel Fandrich (14 Nov 2008)
 - Added .xml as one of the few common file extensions known by the multipart
   form generator.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 310df78f3e..6383f765e6 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -13,7 +13,9 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
- o 
+ o fixed several calls to memory functions that didn't check return codes
+ o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was
+   used
 
 This release includes the following known bugs:
 
@@ -26,6 +28,6 @@ Other curl-related news:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- 
+ Yang Tse, Daniel Fandrich, Jim Meyering
 
         Thanks! (and sorry if I forgot to mention someone)
-- 
GitLab