- Dec 01, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
W. Mark Kubacki authored
Absent any 'symbol map' or script to limit what gets exported, static linking of libraries previously resulted in a libcurl with curl's and those other symbols being (re-)exported. This did not happen if 'versioned symbols' were enabled (which is not the default) because then a version script is employed. This limits exports to everything starting in 'curl_*'., which is what "libcurl.vers" exports. This avoids strange side-effects such as with mixing methods from system libraries and those erroneously offered by libcurl. Closes #2127
-
Johannes Schindelin authored
Originally, my idea was to allocate the two structures (or more precisely, the connectdata structure and the four SSL backend-specific strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so that they all could be free()d together. However, getting the alignment right is tricky. Too tricky. So let's just bite the bullet and allocate the SSL backend-specific data separately. As a consequence, we now have to be very careful to release the memory allocated for the SSL backend-specific data whenever we release any connectdata. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #2119
-
Daniel Stenberg authored
Reported-by: Dima Tisnek
-
- Nov 30, 2017
-
-
Daniel Stenberg authored
Uses a separate build without --enable-debug and no valgrind. The debug option causes far too many warnings in boringssl's headers (C++ comments, trailing commas etc). Valgrind triggers some false positive errors in thread-local data used by boringssl. Closes #2118
-
- Nov 29, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Nov 27, 2017
-
-
Daniel Stenberg authored
commit d3ab7c5a broke the boringssl build since it doesn't have RSA_flags(), so we disable that code block for boringssl builds. Reported-by: W. Mark Kubacki Fixes #2117
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
This bit is no longer used. It is not clear what it meant for users to "init the TLS" in a world with different TLS backends and since the introduction of multissl, libcurl didn't properly work if inited without this bit set. Not a single user responded to the call for users of it: https://curl.haxx.se/mail/lib-2017-11/0072.html Reported-by: Evgeny Grin Assisted-by: Jay Satiro Fixes #2089 Fixes #2083 Closes #2107
-
Daniel Stenberg authored
Reported-by: Alex Nichols Assisted-by: Kamil Dudka and Max Dymond CVE-2017-8816 Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
-
Daniel Stenberg authored
The code would previous read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 CVE-2017-8817 Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
-
Jay Satiro authored
- Align the array of ssl_backend_data on a max 32 byte boundary. 8 is likely to be ok but I went with 32 for posterity should one of the ssl_backend_data structs change to contain a larger sized variable in the future. Prior to this change (since dev 70f1db32, release 7.56) the connectdata structure was undersized by 4 bytes in 32-bit builds with ssl enabled because long long * was mistakenly used for alignment instead of long long, with the intention being an 8 byte boundary. Also long long may not be an available type. The undersized connectdata could lead to oob read/write past the end in what was expected to be the last 4 bytes of the connection's secondary socket https proxy ssl_backend_data struct (the secondary socket in a connection is used by ftp, others?). Closes https://github.com/curl/curl/issues/2093 CVE-2017-8818 Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
-
- Nov 25, 2017
-
-
Daniel Stenberg authored
With this check present, scan-build warns that we might dereference this point in other places where it isn't first checked for NULL. Thus, if it *can* be NULL we have a problem on a few places. However, this pointer should not be possible to be NULL here so I remove the check and thus also three different scan-build warnings. Closes #2111
-
- Nov 24, 2017
-
-
Matthew Kerwin authored
-
Matthew Kerwin authored
-
Matthew Kerwin authored
* LOTS of comment updates * explicit error for SMB shares (e.g. "file:////share/path/file") * more strict handling of authority (i.e. "//localhost/") * now accepts dodgy old "C:|" drive letters * more precise handling of drive letters in and out of Windows (especially recognising both "file:c:/" and "file:/c:/") Closes #2110
-
Daniel Stenberg authored
Reported by scan-build Closes #2109
-
Alessandro Ghedini authored
The new API added in Linux 4.11 only requires setting a socket option before connecting, without the whole sento() machinery. Notably, this makes it possible to use TFO with SSL connections on Linux as well, without the need to mess around with OpenSSL (or whatever other SSL library) internals. Closes #2056
-
Daniel Stenberg authored
Fixes #2097 Closes #2108
-
- Nov 23, 2017
-
-
Daniel Stenberg authored
-
Jay Satiro authored
eg consider a non-existent interface eth8, curl --interface eth8 Before: curl: (45) Could not resolve host: eth8 After: curl: (45) Couldn't bind to 'eth8' Bug: https://github.com/curl/curl/issues/2104 Reported-by: Alfonso Martone
-
Daniel Stenberg authored
Fixes #2106 Reported-by: youngchopin on github
-
- Nov 22, 2017
-
-
Michael Kaufmann authored
-
Daniel Stenberg authored
Host names like "127.0.0.1 moo" would otherwise be accepted by some getaddrinfo() implementations. Updated test 1034 and 1035 accordingly. Fixes #2073 Closes #2092
-
- Nov 21, 2017
-
-
Daniel Stenberg authored
Closes #2098
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Fixes a scan-build warning.
-
Daniel Stenberg authored
-
- Nov 20, 2017
-
-
Daniel Stenberg authored
-
- Nov 18, 2017
-
-
fmmedeiros authored
- Add braces around multi-line if statement. Closes https://github.com/curl/curl/pull/2096
-
- Nov 17, 2017
-
-
Daniel Stenberg authored
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
-
- Nov 15, 2017
-
-
Pavol Markovic authored
The previous fix https://github.com/curl/curl/pull/1788 worked just for Xcode 9. This commit extends the fix to older Xcode versions effectively by not using connectx function. Fixes https://github.com/curl/curl/issues/1330 Fixes https://github.com/curl/curl/issues/2080 Closes https://github.com/curl/curl/pull/1336 Closes #2082
-
Dirk Feytons authored
Fixes #2079 Closes #2081
-
- Nov 14, 2017
-
-
Daniel Stenberg authored
Closes #1455
-