Skip to content
  1. Aug 20, 2013
    • Jonathan Nieder's avatar
      url: allocate username, password, and options on the heap · 11baffbf
      Jonathan Nieder authored
      This makes it possible to increase the size of the buffers when needed
      in later patches.  No functional change yet.
      11baffbf
    • Jonathan Nieder's avatar
      url: use goto in create_conn() for exception handling · 53333a43
      Jonathan Nieder authored
      Instead of remembering before each "return" statement which temporary
      allocations, if any, need to be freed, take care to set pointers to
      NULL when no longer needed and use a goto to a common block to exit
      the function and free all temporaries.
      
      No functional change intended.  Currently the only temporary buffer in
      this function is "proxy" which is already correctly freed when
      appropriate, but there will be more soon.
      53333a43
    • Jonathan Nieder's avatar
      sasl: allow arbitrarily long username and password · c56f9797
      Jonathan Nieder authored
      Use appropriately sized buffers on the heap instead of fixed-size
      buffers on the stack, to allow for longer usernames and passwords.
      
      Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
      MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
      c56f9797
  2. Aug 19, 2013
  3. Aug 16, 2013
    • Daniel Stenberg's avatar
      glob: error out on range overflow · f15a88f2
      Daniel Stenberg authored
      The new multiply() function detects range value overflows. 32bit
      machines will overflow on a 32bit boundary while 64bit hosts support
      ranges up to the full 64 bit range.
      
      Added test 1236 to verify.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=1267
      Reported-by: Will Dietz
      f15a88f2
    • Daniel Stenberg's avatar
      urlglob: better detect unclosed braces, empty lists and overflows · 5ca96cb8
      Daniel Stenberg authored
      A rather big overhaul and cleanup.
      
      1 - curl wouldn't properly detect and reject globbing that ended with an
      open brace if there were brackets or braces before it. Like "{}{" or
      "[0-1]{"
      
      2 - curl wouldn't properly reject empty lists so that "{}{}" would
      result in curl getting (nil) strings in the output.
      
      3 - By using strtoul() instead of sscanf() the code will now detected
      over and underflows. It now also better parses the step argument to only
      accept positive numbers and only step counters that is smaller than the
      delta between the maximum and minimum numbers.
      
      4 - By switching to unsigned longs instead of signed ints for the
      counters, the max values for []-ranges are now very large (on 64bit
      machines).
      
      5 - Bumped the maximum number of globs in a single URL to 100 (from 10)
      
      6 - Simplified the code somewhat and now it stores fixed strings as
      single- entry lists. That's also one of the reasons why I did (5) as now
      all strings between "globs" will take a slot in the array.
      
      Added test 1234 and 1235 to verify. Updated test 87.
      
      This commit fixes three separate bug reports.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=1264
      Bug: http://curl.haxx.se/bug/view.cgi?id=1265
      Bug: http://curl.haxx.se/bug/view.cgi?id=1266
      Reported-by: Will Dietz
      5ca96cb8
  4. Aug 15, 2013
  5. Aug 14, 2013
  6. Aug 12, 2013
  7. Aug 11, 2013
  8. Aug 10, 2013
  9. Aug 09, 2013
  10. Aug 08, 2013
  11. Aug 07, 2013
  12. Aug 06, 2013