- Nov 06, 2014
-
-
Daniel Stenberg authored
Reported-by: Christian Hägele Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
-
- Nov 05, 2014
-
-
Steve Holme authored
As the curl command-line tool now includes it's own version of strdup(), for platforms that don't have it, fixed up the git respository Visual Studio project file generator to not include the version from lib in the tool project files, rather than having both lib\strdup.[c|h] and src\tool_strdup.[c|h] present.
-
Daniel Stenberg authored
... not the lib/ one that the tool no longer uses!
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... and require the space after the filtering to make the filter able to remove names.
-
Steve Holme authored
-
Steve Holme authored
Added forward declaration of digestdata to overcome the following compilation warning: warning: 'struct digestdata' declared inside parameter list Additionally made the ntlmdata forward declaration dependent on USE_NTLM similar to how digestdata and kerberosdata are.
-
Steve Holme authored
Broken as part of the rework, in commit 7e6d51a7, to assist with the addition of HTTP digest via Windows SSPI.
-
Steve Holme authored
error: invalid operands to binary warning: pointer targets in assignment differ in signedness
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Gisle Vanem authored
Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html Reported-by: Jan Ehrhardt
-
Steve Holme authored
...as Curl_memdup() duplicates an area of fix size memory, that may be binary, and not a null terminated string.
-
Steve Holme authored
conversion from 'curl_off_t' to 'size_t', possible loss of data
-
Steve Holme authored
To provide consistent behaviour between the various HTTP authentication functions use CURLcode based error codes for Curl_input_digest() especially as the calling code doesn't use the specific error code just that it failed.
-
Daniel Stenberg authored
docs/THANKS-filter is a new filter file for converting contributor names we get or have recorded in alternative formats to the one we already use in THANKS. To help us show individual contributors using a single presentation of their names.
-
Daniel Stenberg authored
-
Frank Gevaerts authored
The removed names also appear as: Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
-
Steve Holme authored
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
-
Patrick Monnerat authored
-
Daniel Stenberg authored
./contributors.sh found these extra ones that somehow had fallen through the cracks and never gotten added here. Reported-by: Frank Gevaerts
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis
-
Daniel Stenberg authored
To verify that curl_easy_duphandle() works fine on a handle that has gotten data stored with *_COPYPOSTFIELDS.
-
- Nov 04, 2014
-
-
Daniel Stenberg authored
... and make test 2034 and 2035 require it, and have it set when built with OpenSSL or GnuTLS.
-
Daniel Stenberg authored
-
Steve Holme authored
-
Daniel Stenberg authored
As we only use libtoolize, only check for that!
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
As implementations are refereed to GSS-API libraries as per the RFC and GSSAPI typically refers to the SASL authentication mechanism. ...and minor rewording on the same paragraph.
-
Steve Holme authored
-
K. R. Walker authored
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB Bug: https://github.com/bagder/curl/pull/123
-
Jay Satiro authored
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... instead of duplicating info.
-