Skip to content
  1. Aug 11, 2017
    • Even Rouault's avatar
      parse_proxy(): fix memory leak in case of invalid proxy server name · 6e0e152c
      Even Rouault authored
      Fixes the below leak:
      
      $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
      curl: (5) Couldn't resolve proxy name
      ==5048==
      ==5048== HEAP SUMMARY:
      ==5048==     in use at exit: 532 bytes in 12 blocks
      ==5048==   total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
      ==5048==
      ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
      ==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==5048==    by 0x4E6CB79: parse_login_details (url.c:5614)
      ==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
      ==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
      ==5048==    by 0x4E6EA18: create_conn (url.c:6498)
      ==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
      ==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
      ==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
      ==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
      ==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
      ==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
      ==5048==    by 0x414025: operate_do (tool_operate.c:1563)
      ==5048==
      ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
      ==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==5048==    by 0x4E6CBB6: parse_login_details (url.c:5621)
      ==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
      ==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
      ==5048==    by 0x4E6EA18: create_conn (url.c:6498)
      ==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
      ==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
      ==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
      ==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
      ==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
      ==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
      ==5048==    by 0x414025: operate_do (tool_operate.c:1563)
      
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
      Credit to OSS Fuzz for discovery
      
      Closes #1761
      6e0e152c
    • Daniel Stenberg's avatar
      RELEASE-NOTES: synced with 37f2195a · 783d4346
      Daniel Stenberg authored
      783d4346
    • Daniel Stenberg's avatar
      curlver: bump to 7.55.1 · 37f2195a
      Daniel Stenberg authored
      37f2195a
    • Daniel Stenberg's avatar
      openssl: fix "error: this statement may fall through" · fd07ca1e
      Daniel Stenberg authored
      A gcc7 warning.
      fd07ca1e
    • David Benjamin's avatar
      openssl: remove CONST_ASN1_BIT_STRING. · f26f6d25
      David Benjamin authored
      Just making the pointer as const works for the pre-1.1.0 path too.
      
      Closes #1759
      f26f6d25
  2. Aug 10, 2017
  3. Aug 09, 2017
  4. Aug 08, 2017
  5. Aug 07, 2017
  6. Aug 06, 2017
    • Daniel Stenberg's avatar
      easy_events: make event data static · fa489873
      Daniel Stenberg authored
      First: this function is only used in debug-builds and not in
      release/real builds. It is used to drive tests using the event-based
      API.
      
      A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
      CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
      funtion returns, namely when curl_multi_remove_handle() is called.
      
      Reported-by: Brian Carpenter
      fa489873
  7. Aug 05, 2017
  8. Aug 04, 2017
  9. Aug 03, 2017