- Apr 21, 2015
-
-
Daniel Stenberg authored
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
-
byronhe authored
-
- Apr 20, 2015
-
-
Daniel Stenberg authored
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
-
Mostyn Bramley-Moore authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 19, 2015
-
-
Michael Stapelberg authored
-
Viktor Szakats authored
-
- Apr 18, 2015
-
-
Daniel Stenberg authored
Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
-
Dan Fandrich authored
-
- Apr 17, 2015
-
-
Daniel Stenberg authored
... and some minor edits
-
Daniel Stenberg authored
This reverts commit 5dc68dd6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
-
Jay Satiro authored
Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
-
Kamil Dudka authored
-
Kamil Dudka authored
Bug: https://github.com/bagder/curl/pull/171
-
Daniel Stenberg authored
When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
-
- Apr 16, 2015
-
-
Jay Satiro authored
-
- Apr 15, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 14, 2015
-
-
Jay Satiro authored
-
- Apr 13, 2015
-
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
At some point, Firefox has changed and generates different directory names for the default profile that made this script fail to find them. Bug: https://github.com/bagder/curl/issues/207 Reported-by: sneakyimp
-
- Apr 12, 2015
-
-
Jay Satiro authored
CyaSSL >= 2.6.0 may have an options.h that was generated during its build by configure.
-
- Apr 11, 2015
-
-
Jay Satiro authored
Prior to this change Visual Studio builds could fail due to missing prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. http://curl.haxx.se/mail/lib-2015-04/0034.html
-
- Apr 09, 2015
-
-
Viktor Szakats authored
Add 'gdi32' and 'crypt32' Windows implibs to avoid failure while building libcurl.dll using the mingw compiler. The same logic is used in 'src/makefile.m32' when building curl.exe.
-
- Apr 08, 2015
-
-
Kamil Dudka authored
-
Kamil Dudka authored
... of an empty file Bug: https://github.com/bagder/curl/issues/183
-
Kamil Dudka authored
-
- Apr 07, 2015
-
-
Da-Yoon Chung authored
The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and rate_bps are both in bytes. When using the rate limiting option, curl waits 8 times too long, and then transfers very quickly until the average rate reaches the limit. The average rate follows the limit over time, but the actual traffic is bursty. Thanks-to: Benjamin Gilbert
-