- Aug 08, 2017
-
-
Daniel Stenberg authored
... since they now provide several functions as __attribute__((overloadable)), the argument detection logic need updates. Patched-by: destman at github Fixes #1738 Closes #1739
-
Marcel Raad authored
This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d from August 01, 2017. Notably, this removes the lconv version whitelist. Closes https://github.com/curl/curl/pull/1716
-
- Aug 07, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
-
Daniel Stenberg authored
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
-
Daniel Stenberg authored
... and thereby avoid telling send() to send off more bytes than the size of the buffer! CVE-2017-1000100 Bug: https://curl.haxx.se/docs/adv_20170809B.html Reported-by: Even Rouault Credit to OSS-Fuzz for the discovery
-
Even Rouault authored
Regression brought by 7c312f84 (April 2017) CVE-2017-1000099 Bug: https://curl.haxx.se/docs/adv_20170809C.html Credit to OSS-Fuzz for the discovery
-
- Aug 06, 2017
-
-
Daniel Stenberg authored
First: this function is only used in debug-builds and not in release/real builds. It is used to drive tests using the event-based API. A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the CURLMOPT_TIMERFUNCTION calback can in fact be called even after this funtion returns, namely when curl_multi_remove_handle() is called. Reported-by: Brian Carpenter
-
- Aug 05, 2017
-
-
Daniel Stenberg authored
Fixes #1728
-
- Aug 04, 2017
-
-
Isaac Boukris authored
When multiple rounds are needed to establish a security context (usually ntlm), we overwrite old token with a new one without free. Found by proposed gss tests using stub a gss implementation (by valgrind error), though I have confirmed the leak with a real gssapi implementation as well. Closes https://github.com/curl/curl/pull/1733
-
Marcel Raad authored
clang complains: vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive [-Werror,-Wextra-tokens] This breaks the darwinssl build on Travis. Fix it by making this token a comment. Closes https://github.com/curl/curl/pull/1734
-
Marcel Raad authored
When using CURL_WERROR in MSVC builds, the debug flags were overridden by the release flags and /WX got added twice in debug mode. Closes https://github.com/curl/curl/pull/1715
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... by doing two transfers in nocwd mode and check that there's no superfluous CWD command.
-
Daniel Stenberg authored
... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
-
Marcel Raad authored
This makes the builds more reproducible as travis is currently rolling out trusty as default dist [1]. Specifically, this avoids coverage check failures when trusty is used as seen in [2] until we figure out what's wrong. [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming [2] https://github.com/curl/curl/pull/1692 Closes https://github.com/curl/curl/pull/1725
-
- Aug 03, 2017
-
-
Daniel Stenberg authored
(to make the full line appear nicer on travis web UI)
-
Daniel Stenberg authored
Closes #1706
-
Daniel Stenberg authored
With a clang pragma and three type fixes Fixes #1722
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Gisle Vanem authored
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
-
Marcel Raad authored
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is consistent with the Visual Studio and NMake builds. Disable level 4 warning C4127 for the library and additionally C4306 for the test servers to get a clean CURL_WERROR build as that warning is raised in some macros in older Visual Studio versions. Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 Closes https://github.com/curl/curl/pull/1711
-
- Aug 02, 2017
-
-
Daniel Stenberg authored
Reported-by: Viktor Szakats
-
Daniel Stenberg authored
... and CURLOPT_NETRC_FILE(3).
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Aug 01, 2017
-
-
Marcel Raad authored
Use LongToHandle to convert from long to HANDLE in the Win32 implementation. This should fix the following warning when compiling with MSVC 11 (2012) in 64-bit mode: lib\curl_threads.c(113): warning C4306: 'type cast' : conversion from 'long' to 'HANDLE' of greater size Closes https://github.com/curl/curl/pull/1717
-
Daniel Stenberg authored
Reported-by: Max Dymond
-
Daniel Stenberg authored
-
Brad Spencer authored
There are some bugs in how timers are managed for a single easy handle that causes the wrong "next timeout" value to be reported to the application when a new minimum needs to be recomputed and that new minimum should be an existing timer that isn't currently set for the easy handle. When the application drives a set of easy handles via the `curl_multi_socket_action()` API (for example), it gets told to wait the wrong amount of time before the next call, which causes requests to linger for a long time (or, it is my guess, possibly forever). Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
-
Jay Satiro authored
.. to catch accidental use of deprecated error codes. Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
-
- Jul 31, 2017
-
-
Jeremy Tan authored
Fixes #1669 Closes #1713
-
Daniel Stenberg authored
test 1429 and 1433 were updated to work with the stricter HTTP status line parser. Closes #1714 Reported-by: Brian Carpenter
-
- Jul 30, 2017
-
-
Jay Satiro authored
Follow-up to 171f8ded and de6de94c. Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 Reported-by: Daniel Stenberg
-
- Jul 29, 2017
-
-
Jason Juang authored
Closes #1674
-
Daniel Stenberg authored
-