- Jun 06, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... and have test 1700 use that to strip out the nghttpx server: headers
-
Daniel Stenberg authored
It requires that 'nghttpx' is in the PATH, and it will run the tests using nghttpx as a front-end proxy in front of the standard HTTP/1 test server. This uses HTTP/2 over plain TCP. If you like me have nghttpx installed in a custom path, you can run test 1700 like this: $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700
-
Daniel Stenberg authored
-
Steve Holme authored
Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL fails on Windows < 8.1 so we need to disable ALPN on these OS versions. Inspiration provide by: Daniel Seither Closes #848 Fixes #840
-
Jay Satiro authored
LoadLibrary was supplanted by Curl_load_library for security reasons in 6df916d7.
-
- Jun 05, 2016
-
-
Jay Satiro authored
- Change the parser to not require a minor version for HTTP/2. HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2 in 8243a958 because the parser still expected a minor version. Bug: https://github.com/curl/curl/issues/855 Reported-by: Andrew Robbins, Frank Gevaerts
-
- Jun 04, 2016
-
-
Steve Holme authored
connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
-
Steve Holme authored
Closes #845
-
Steve Holme authored
-
Steve Holme authored
-
- Jun 03, 2016
-
-
Kamil Dudka authored
... causing SIGSEGV while parsing URL with too many globs. Minimal example: $ curl $(for i in $(seq 101); do printf '{a}'; done) Reported-by: Romain Coltel Bug: https://bugzilla.redhat.com/1340757
-
- Jun 01, 2016
-
-
Benjamin Kircher authored
Closes #850
-
Viktor Szakats authored
Dependency added by 6cabd785 Closes #849
-
Ivan Avdeev authored
Sessionid cache management is inseparable from managing individual session lifetimes. E.g. for reference-counted sessions (like those in SChannel and OpenSSL engines) every session addition and removal should be accompanied with refcount increment and decrement respectively. Failing to do so synchronously leads to a race condition that causes symptoms like use-after-free and memory corruption. This commit: - makes existing session cache locking explicit, thus allowing individual engines to manage lock's scope. - fixes OpenSSL and SChannel engines by putting refcount management inside this lock's scope in relevant places. - adds these explicit locking calls to other engines that use sessionid cache to accommodate for this change. Note, however, that it is unknown whether any of these engines could also have this race. Bug: https://github.com/curl/curl/issues/815 Fixes #815 Closes #847
-
Andrew Kurushin authored
Closes #822
-
- May 31, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... to make it not look like an OpenSSL function
-
Michael Kaufmann authored
Closes #844
-
Daniel Stenberg authored
This broke in 7.49.0 with commit e2000344 Fixes #842
-
- May 30, 2016
-
-
Daniel Stenberg authored
Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers. Browsers are typically even more leniant than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked. Added test case 1141, 1142 and 1143 to verify the new parser. Closes #791
-
Renaud Lehoux authored
Closes #837
-
Renaud Lehoux authored
Closes #838
-
Frank Gevaerts authored
Adds access to the effectively used http version to both libcurl and curl. Closes #799
-
Daniel Stenberg authored
-
Marcel Raad authored
With OPENSSL_NO_COMP defined, there is no function SSL_COMP_free_compression_methods Closes #836
-
Gisle Vanem authored
Fixes #828
-
Jonathan authored
Closes #834
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Steve Holme authored
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
-
Daniel Stenberg authored
-
- May 29, 2016
-
-
Jay Satiro authored
Bug: https://github.com/curl/curl/issues/826 Reported-by: Michael Wallner
-
- May 28, 2016
-
-
Daniel Stenberg authored
The statvfs functionality was added to libssh2 in that version, so we switch off that functionality when built with older libraries. Fixes #831
-
- May 24, 2016
-
-
Daniel Stenberg authored
Regression from the previous *printf() rearrangements, this file missed to include the correct header to make sure snprintf() works universally. Reported-by: Moti Avrahami Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
-
- May 23, 2016
-
-
Steve Holme authored
Added support for checking the tchar, unicode and mbcs variants of strcat() and strncat() in the banned function list.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Now giving credit properly to github user names, fixed some UTF-8 issues and added names discovered when contrithanks was improved.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-