- Oct 20, 2017
-
-
Daniel Stenberg authored
... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
-
Patrick Monnerat authored
See issue #1999
-
Patrick Monnerat authored
The contents might have changed: size must be recomputed. Reported-by: moteus on github Fixes #1999
-
- Oct 19, 2017
-
-
Patrick Monnerat authored
Even if OpenSSL is enabled, it might not be the default backend when multi-ssl is enabled, causing the test to fail.
-
Patrick Monnerat authored
-
Patrick Monnerat authored
On OS/400, `close' is an ASCII system macro that corrupts the code if not used in a context not targetting the close() system API.
-
Patrick Monnerat authored
Also adjust makefile to renamed files and warn about installation dirs mix-up.
-
Patrick Monnerat authored
-
Patrick Monnerat authored
-
- Oct 16, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... filter early instead of risking "funny values" having to be dealt with elsewhere.
-
Daniel Stenberg authored
... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938
-
- Oct 15, 2017
-
-
Viktor Szakats authored
Allow to ovverride certain build tools, making it possible to use LLVM/Clang to build curl. The default behavior is unchanged. To build with clang (as offered by MSYS2), these settings can be used: CURL_CC=clang CURL_AR=llvm-ar CURL_RANLIB=llvm-ranlib Closes https://github.com/curl/curl/pull/1993
-
Viktor Szakats authored
Use memset() to initialize a structure to avoid LLVM/Clang warning: ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] Closes https://github.com/curl/curl/pull/1992
-
- Oct 14, 2017
-
-
Daniel Stenberg authored
NOTE: it makes them terribly slow. I recommend only using valgrind for specific torture tests or using lots of patience.
-
Daniel Stenberg authored
... to allow them to be included in torture tests too. closes #1980
-
Daniel Stenberg authored
... we used it only for the fuzzer, which we now have in a separate git repo. Closes #1990
-
- Oct 13, 2017
-
-
Patrick Monnerat authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Reported-by: Jeroen Ooms Closes #1988
-
- Oct 12, 2017
-
-
Patrick Monnerat authored
Include test cases in 554, 587, 650. Fixes https://github.com/curl/curl/issues/1986
-
Patrick Monnerat authored
Closes PR https://github.com/curl/curl/pull/1985
-
Patrick Monnerat authored
If stdin is not a regular file, its content is memory-buffered to enable a possible data "rewind". In all cases, stdin data size is determined before real use to avoid having an unknown part's size. --libcurl generated code is left as an unbuffered stdin fread/fseek callback part with unknown data size. Buffering is not supported in deprecated curl_formadd() API.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
following the new github "standard"
-
- Oct 11, 2017
-
-
Daniel Stenberg authored
-
Artak Galoyan authored
Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active connection updates the current connection's (i.e.'connectdata' structure) appropriate ssl_config (and ssl_proxy_config) structures variables, making these options effective for ongoing connection. This functionality was available before and was broken by the following change: "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" CommitId: cb4e2be7. Bug: https://github.com/curl/curl/issues/1941 Closes https://github.com/curl/curl/pull/1951
-
David Benjamin authored
Those were temporary things we'd add and remove for our own convenience long ago. The last few stayed around for too long as an oversight but have since been removed. These days we have a running BORINGSSL_API_VERSION counter which is bumped when we find it convenient, but 2015-11-19 was quite some time ago, so just check OPENSSL_IS_BORINGSSL. Closes #1979
-
- Oct 10, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... as otherwise it could leak that memory. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 Assisted-by: Max Dymond Closes #1977
-
Daniel Stenberg authored
Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
-
- Oct 09, 2017
-
-
Daniel Stenberg authored
Ref: #1974
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Enable PKCS12 for all non-boringssl builds without relying on configure or cmake checks. Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html Reported-by: Christian Schmitz Closes #1948
-
Kristiyan Tsaklev authored
Test 1422 updated to verify. Closes #1964
-
Patrick Monnerat authored
This allows freeing a mime structure bound to the easy handle before curl_easy_cleanup(). Fixes #1970.
-
- Oct 08, 2017
-
-
Daniel Stenberg authored
... like a very large non-existing RTSP version number. Added test 577 to verify. Detected by OSS-fuzz. Closes #1969
-