- May 20, 2019
-
-
Daniel Stenberg authored
bug: https://curl.haxx.se/docs/CVE-2019-5436.html Reported-by: l00p3r on hackerone CVE-2019-5436
-
- May 19, 2019
-
-
Daniel Gustafsson authored
When running a multi TLS backend build the version string needs more buffer space. Make the internal ssl_buffer stack buffer match the one in Curl_multissl_version() to allow for the longer string. For single TLS backend builds there is no use in extended to buffer. This is a fallout from #3863 which fixes up the multi_ssl string generation to avoid a buffer overflow when the buffer is too small. Closes #3875 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
- May 18, 2019
-
-
Steve Holme authored
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Missed in fe6049f0.
-
Steve Holme authored
Missed in 50b87c4e.
-
Steve Holme authored
Missed in fe20826b as it wasn't implemented in http.c in b4d6db83. Closes #3894
-
Daniel Stenberg authored
Closes #3844
-
- May 17, 2019
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- May 16, 2019
-
-
Viktor Szakats authored
Approved-by: Daniel Stenberg Closes #3896
-
Viktor Szakats authored
Ref: https://github.com/curl/curl/commit/0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1#commitcomment-33563135 Approved-by: Daniel Stenberg Closes #3895
-
Daniel Stenberg authored
Closes #3887
-
Daniel Stenberg authored
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
-
Daniel Stenberg authored
... since libcurl has started to be totally unaware of options for disabled protocols they now return error. Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937 Reported-by: Marcel Raad Closes #3886
-
- May 15, 2019
-
-
Steve Holme authored
This brings the code inline with the other HTTP authentication mechanisms. Closes #3890
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Reported-by: Roy Bellingan Bug: #3885
-
Daniel Stenberg authored
As we treat a given proxy as a URL we should use the unified URL parser to extract the parts out of it. Closes #3878
-
- May 14, 2019
-
-
Steve Holme authored
Given that this member variable is not used by the SASL based protocols there is no need to have it here. Closes #3882
-
Steve Holme authored
Given that this member variable is not used by the SASL based protocols there is no need to have it here.
-
Steve Holme authored
-
Steve Holme authored
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior to calling conn_shutdown() and it in turn performs this, there is no need to perform the same action in conn_shutdown(). Closes #3881
-
Daniel Stenberg authored
Updated test 1560 to verify. Closes #3880
-
Daniel Stenberg authored
If --with-ssl is used and configure still couldn't enable SSL this creates an error instead of just silently ignoring the fact. Suggested-by: Isaiah Norton Fixes #3824 Closes #3830
-
Daniel Gustafsson authored
-
Steve Holme authored
No need to set variables to zero as calloc() does this for us. Closes #3879
-
Daniel Stenberg authored
Clues-provided-by: Jay Satiro Clues-provided-by: Jeroen Ooms Fixes #3711 Closes #3874
-
- May 13, 2019
-
-
Daniel Gustafsson authored
In Curl_multissl_version() it was possible to overflow the passed in buffer if the generated version string exceeded the size of the buffer. Fix by inverting the logic, and also make sure to not exceed the local buffer during the string generation. Closes #3863 Reported-by: nevv on HackerOne/curl Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-