  1. Mar 08, 2009
  2. Mar 05, 2009
  3. Mar 03, 2009
  4. Mar 02, 2009
      - David Kierznowski notified us about a security flaw · 042cc1f6
      Daniel Stenberg authored
        (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
        which previous libcurl versions (by design) can be tricked to access an
        arbitrary local/different file instead of a remote one when
        CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
        together with the addition of two new setopt options for controlling this
        new behavior:
      
        o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
        follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
        excludes the FILE and SCP protocols and thus you need to explicitly allow
        them in your app if you really want that behavior.
      
        o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
        using the primary URL option. This is useful if you want to allow a user or
        other outsiders to control what URL to pass to libcurl and yet not allow all
        protocols libcurl may have been built to support.
  5. Feb 28, 2009
  6. Feb 27, 2009
  7. Feb 25, 2009
  8. Feb 24, 2009
  9. Feb 23, 2009
  10. Feb 20, 2009
  11. Feb 19, 2009
      - Patrik Thunstrom reported a problem and helped me repeat it. It turned out · 5af0629b
      Daniel Stenberg authored
        libcurl did a superfluous 1000ms wait when doing SFTP downloads!
      
        We read data with libssh2 while doing the "DO" operation for SFTP and then
        when we were about to start getting data for the actual file part, the
        "TRANSFER" part, we waited for socket action (in 1000ms) before doing a
        libssh2-read. But in this case libssh2 had already read and buffered the
        data so we ended up always just waiting 1000ms before we get working on the
        data!
  12. Feb 18, 2009
  13. Feb 17, 2009
  14. Feb 14, 2009
  15. Feb 12, 2009
  16. Feb 11, 2009
  17. Feb 07, 2009
  18. Feb 03, 2009
  19. Feb 02, 2009
  20. Jan 31, 2009
  21. Jan 30, 2009
  22. Jan 29, 2009