- Nov 07, 2018
-
-
Daniel Stenberg authored
The tool's local port command line range parser didn't check for integer overflows and could pass "weird" data to libcurl for this option. libcurl however, has a strict range check for the values so it rejects anything outside of the accepted range. Reported-by: Brian Carpenter Closes #3242
-
Daniel Stenberg authored
Follow-up to e431daf0, as I did the wrong correction for a compiler warning. It should be a break and not a fall-through. Pointed-out-by: Frank Gevaerts
-
Frank Gevaerts authored
Closes #3115
-
Daniel Gustafsson authored
The productname from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Daniel Stenberg authored
Similar to how URL decoding/encoding is done, we could have URL functions to convert IDN host names to punycode. Suggested-by: Alexey Melnichuk Closes #3232
-
Daniel Stenberg authored
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231
-
- Nov 06, 2018
-
-
Daniel Stenberg authored
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235
-
Sangamkar authored
In the transfer loop it would previously not acknwledge the pause bit and continue until drained or loop ended. Closes #3240
-
Jay Satiro authored
- Add an undocumented diagnostic option for Windows to show the full paths of all loaded modules regardless of whether or not libcurl initialization succeeds. This is needed so that in the CI we can get a list of all DLL dependencies after initialization (when they're most likely to have finished loading) and then package them as artifacts so that a functioning build can be downloaded. Also I imagine it may have some use as a diagnostic for help requests. Ref: https://github.com/curl/curl/pull/3103 Closes https://github.com/curl/curl/pull/3208
-
Jay Satiro authored
Prior to this change twice as many bytes as necessary were malloc'd when converting wchar to UTF8. To allay confusion in the future I also changed the variable name for the amount of bytes from len to bytes. Closes https://github.com/curl/curl/pull/3209
-
- Nov 05, 2018
-
-
Michael Kaufmann authored
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes #3213 Closes #3224
-
Patrick Monnerat authored
-
Yasuhiro Matsumoto authored
Fixes #3211 Fixes #3175 Closes #3212
-
Daniel Stenberg authored
Closes #3199
-
Daniel Gustafsson authored
The previous coding used a format string whose output depended on the current locale of the environment running the test. Since the gist of the test is to have a format string, with the actual formatting being less important, switch to a more stable formatstring with decimals. Reported-by: Marcel Raad Closes #3234 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
Daniel Stenberg authored
This reverts commit 226cfa82. This commit caused test failures on appveyor/windows. Work on fixing them is in #3235.
-
- Nov 04, 2018
-
-
Daniel Stenberg authored
...and fix symbol-scan.pl to also scan urlapi.h Reported-by: Alexey Melnichuk Fixes #3226 Closes #3230
-
- Nov 03, 2018
-
-
Daniel Gustafsson authored
The internal buffer in infof() is limited to 2048 bytes of payload plus an additional byte for NULL termination. Servers with very long error messages can however cause truncation of the string, which currently isn't very clear, and leads to badly formatted output. This appends a "...\n" (or just "..." in case the format didn't with a newline char) marker to the end of the string to clearly show that it has been truncated. Also include a unittest covering infof() to try and catch any bugs introduced in this quite important function. Closes #3216 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
Michael Kaufmann authored
-
Daniel Stenberg authored
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Reported-by: Hagai Auro Fixes #3220 Closes #3223
-
- Nov 02, 2018
-
-
Daniel Stenberg authored
Regression from 46e16406. Extended test 1560 to verify. Reported-by: tpaukrt on github Fixes #3218 Closes #3219
-
Daniel Stenberg authored
on Linux. To make sure the test suite runs with its newly build tool and doesn't require an external one present. Bug: #3198 Closes #3200
-
Tim Rühsen authored
The overflow has no real world impact. Just avoid it for "best practice". Code change suggested by "The Infinnovation Team" and Daniel Stenberg. Closes #3184
-
Daniel Stenberg authored
When not actually following the redirect and the target URL is only stored for later retrieval, curl always accepted "non-supported" schemes. This was a regression from 46e16406. Reported-by: Brad King Fixes #3210 Closes #3215
-
Daniel Gustafsson authored
Commit efc696a2 renamed persistant.c to persistent.c to fix the typo in the name, but missed to update the OpenVMS package files which still looked for the old name. Closes #3217 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Viktor Szakats <commit@vszakats.net>
-
- Nov 01, 2018
-
-
Daniel Stenberg authored
To make it easier to understand other people's and remote builds etc. Closes #3207
-
Daniel Stenberg authored
-
Daniel Stenberg authored
As has been outlined in the DEPRECATE.md document, the axTLS code has been disabled for 6 months and is hereby removed. Use a better supported TLS library! Assisted-by: Daniel Gustafsson Closes #3194
-
marcosdiazr authored
Closes #3197
-
Daniel Stenberg authored
... using clang Closes #3190
-
Daniel Stenberg authored
Curl_verify_certificate() must use the Curl_ prefix since it is globally available in the lib and otherwise steps outside of our namespace! Closes #3201
-
Kamil Dudka authored
It is unused since commit f7208df7. Closes #3204
-
- Oct 31, 2018
-
-
Daniel Stenberg authored
... revert the mistaken change brought in commit 8440616f. Reported-by: Alessandro Ghedini Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html Closes #3198
-
- Oct 30, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Gustafsson authored
MesaLink support was added in commit 57348eb9 but the backend was never added to the curl_sslbackend enum in curl/curl.h. This adds the new backend to the enum and updates the relevant docs. Closes #3195 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Ruslan Baratov authored
Closes #3191
-
Daniel Stenberg authored
-
Daniel Stenberg authored
CVE-2018-16842 Reported-by: Brian Carpenter Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
-
- Oct 29, 2018
-
-
Tuomo Rinne authored
Closes #3123
-