- Aug 09, 2017
-
-
Adam Sampson authored
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't complete: if the parsed number in num is larger than will fit in a long, the conversion is undefined behaviour (causing test1427 to fail for me on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting rid of the cast means the comparison will be done using doubles. It might make more sense for the max argument to also be a double... Fixes #1750 Closes #1749
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Broken since d24838d4 Reported-by: Bernard Spil
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Aug 08, 2017
-
-
Viktor Szakats authored
Closes #1741
-
Daniel Stenberg authored
... since they now provide several functions as __attribute__((overloadable)), the argument detection logic need updates. Patched-by: destman at github Fixes #1738 Closes #1739
-
Marcel Raad authored
This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d from August 01, 2017. Notably, this removes the lconv version whitelist. Closes https://github.com/curl/curl/pull/1716
-
- Aug 07, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
-
Daniel Stenberg authored
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
-
Daniel Stenberg authored
... and thereby avoid telling send() to send off more bytes than the size of the buffer! CVE-2017-1000100 Bug: https://curl.haxx.se/docs/adv_20170809B.html Reported-by: Even Rouault Credit to OSS-Fuzz for the discovery
-
Even Rouault authored
Regression brought by 7c312f84 (April 2017) CVE-2017-1000099 Bug: https://curl.haxx.se/docs/adv_20170809C.html Credit to OSS-Fuzz for the discovery
-
- Aug 06, 2017
-
-
Daniel Stenberg authored
First: this function is only used in debug-builds and not in release/real builds. It is used to drive tests using the event-based API. A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the CURLMOPT_TIMERFUNCTION calback can in fact be called even after this funtion returns, namely when curl_multi_remove_handle() is called. Reported-by: Brian Carpenter
-
- Aug 05, 2017
-
-
Daniel Stenberg authored
Fixes #1728
-
- Aug 04, 2017
-
-
Isaac Boukris authored
When multiple rounds are needed to establish a security context (usually ntlm), we overwrite old token with a new one without free. Found by proposed gss tests using stub a gss implementation (by valgrind error), though I have confirmed the leak with a real gssapi implementation as well. Closes https://github.com/curl/curl/pull/1733
-
Marcel Raad authored
clang complains: vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive [-Werror,-Wextra-tokens] This breaks the darwinssl build on Travis. Fix it by making this token a comment. Closes https://github.com/curl/curl/pull/1734
-
Marcel Raad authored
When using CURL_WERROR in MSVC builds, the debug flags were overridden by the release flags and /WX got added twice in debug mode. Closes https://github.com/curl/curl/pull/1715
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... by doing two transfers in nocwd mode and check that there's no superfluous CWD command.
-
Daniel Stenberg authored
... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
-
Marcel Raad authored
This makes the builds more reproducible as travis is currently rolling out trusty as default dist [1]. Specifically, this avoids coverage check failures when trusty is used as seen in [2] until we figure out what's wrong. [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming [2] https://github.com/curl/curl/pull/1692 Closes https://github.com/curl/curl/pull/1725
-
- Aug 03, 2017
-
-
Daniel Stenberg authored
(to make the full line appear nicer on travis web UI)
-
Daniel Stenberg authored
Closes #1706
-
Daniel Stenberg authored
With a clang pragma and three type fixes Fixes #1722
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Gisle Vanem authored
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
-
Marcel Raad authored
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is consistent with the Visual Studio and NMake builds. Disable level 4 warning C4127 for the library and additionally C4306 for the test servers to get a clean CURL_WERROR build as that warning is raised in some macros in older Visual Studio versions. Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 Closes https://github.com/curl/curl/pull/1711
-
- Aug 02, 2017
-
-
Daniel Stenberg authored
Reported-by: Viktor Szakats
-
Daniel Stenberg authored
... and CURLOPT_NETRC_FILE(3).
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Aug 01, 2017
-
-
Marcel Raad authored
Use LongToHandle to convert from long to HANDLE in the Win32 implementation. This should fix the following warning when compiling with MSVC 11 (2012) in 64-bit mode: lib\curl_threads.c(113): warning C4306: 'type cast' : conversion from 'long' to 'HANDLE' of greater size Closes https://github.com/curl/curl/pull/1717
-
Daniel Stenberg authored
Reported-by: Max Dymond
-
Daniel Stenberg authored
-
Brad Spencer authored
There are some bugs in how timers are managed for a single easy handle that causes the wrong "next timeout" value to be reported to the application when a new minimum needs to be recomputed and that new minimum should be an existing timer that isn't currently set for the easy handle. When the application drives a set of easy handles via the `curl_multi_socket_action()` API (for example), it gets told to wait the wrong amount of time before the next call, which causes requests to linger for a long time (or, it is my guess, possibly forever). Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
-
Jay Satiro authored
.. to catch accidental use of deprecated error codes. Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
-