- Apr 21, 2015
-
-
Daniel Stenberg authored
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
-
Daniel Stenberg authored
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
-
byronhe authored
-
- Apr 20, 2015
-
-
Daniel Stenberg authored
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
-
Mostyn Bramley-Moore authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 19, 2015
-
-
Michael Stapelberg authored
-
Viktor Szakats authored
-
- Apr 18, 2015
-
-
Daniel Stenberg authored
Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
-
Dan Fandrich authored
-
- Apr 17, 2015
-
-
Daniel Stenberg authored
... and some minor edits
-
Daniel Stenberg authored
This reverts commit 5dc68dd6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
-
Jay Satiro authored
Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
-
Kamil Dudka authored
-
Kamil Dudka authored
Bug: https://github.com/bagder/curl/pull/171
-
Daniel Stenberg authored
When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
-
- Apr 16, 2015
-
-
Jay Satiro authored
-
- Apr 15, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 14, 2015
-
-
Jay Satiro authored
-
- Apr 13, 2015
-
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Matthew Hall authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
At some point, Firefox has changed and generates different directory names for the default profile that made this script fail to find them. Bug: https://github.com/bagder/curl/issues/207 Reported-by: sneakyimp
-
- Apr 12, 2015
-
-
Jay Satiro authored
CyaSSL >= 2.6.0 may have an options.h that was generated during its build by configure.
-
- Apr 11, 2015
-
-
Jay Satiro authored
Prior to this change Visual Studio builds could fail due to missing prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. http://curl.haxx.se/mail/lib-2015-04/0034.html
-
- Apr 09, 2015
-
-
Viktor Szakats authored
Add 'gdi32' and 'crypt32' Windows implibs to avoid failure while building libcurl.dll using the mingw compiler. The same logic is used in 'src/makefile.m32' when building curl.exe.
-
- Apr 08, 2015
-
-
Kamil Dudka authored
-
Kamil Dudka authored
... of an empty file Bug: https://github.com/bagder/curl/issues/183
-
Kamil Dudka authored
-