- Oct 06, 2017
-
-
Daniel Stenberg authored
... fixes a memory leak with at least IMAP when remove_handle is never called and the transfer is abruptly just abandoned early. Test 1552 added to verify Detected by OSS-fuzz Assisted-by: Max Dymond Closes #1954
-
Benbuck Nason authored
Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' argument. Closes #1952
-
Daniel Stenberg authored
Reported-by: Javier Sixto Fixes #1955 Closes #1956
-
Viktor Szakats authored
The source code is now prepared to handle the case when both Win32 Crypto and OpenSSL/NSS crypto backends are enabled at the same time, making it now possible to enable `USE_WIN32_CRYPTO` whenever the targeted Windows version supports it. Since this matches the minimum Windows version supported by curl (Windows 2000), enable it unconditionally for the Win32 platform. This in turn enables SMB (and SMBS) protocol support whenever Win32 Crypto is available, regardless of what other crypto backends are enabled. Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 Closes https://github.com/curl/curl/pull/1943
-
- Oct 05, 2017
-
-
Daniel Stenberg authored
Reported-by: Wyatt O'Day Fixes #1945 Closes #1947
-
Nick Zitzmann authored
Closes https://github.com/curl/curl/pull/1794
-
- Oct 04, 2017
-
-
Felix Kaiser authored
Closes #1946
-
Viktor Szakats authored
- New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated libcurl dll name. Useful to add `-x64` to 64-bit builds so that it can live in the same directory as the 32-bit one. By default this is empty. - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the generated import library (implib) for libcurl .dll. It defaults to `dll`, and it's useful to modify that to `.dll` to have the standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. Closes https://github.com/curl/curl/pull/1942
-
Max Dymond authored
Use the external curl-fuzzer repository for fuzzing. Closes #1923
-
Daniel Stenberg authored
Closes #1936
-
Daniel Stenberg authored
Closes #1939
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Jay Satiro authored
Ref: https://github.com/curl/curl/issues/1002
-
- Oct 03, 2017
-
-
Michael Kaufmann authored
-
Michael Kaufmann authored
Compare these settings in Curl_ssl_config_matches(): - verifystatus (CURLOPT_SSL_VERIFYSTATUS) - random_file (CURLOPT_RANDOM_FILE) - egdsocket (CURLOPT_EGDSOCKET) Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), and copy the setting "sessionid" unconditionally. This means that reusing connections that are secured with a client certificate is now possible, and the statement "TLS session resumption is disabled when a client certificate is used" in the old advisory at https://curl.haxx.se/docs/adv_20170419.html is obsolete. Reviewed-by: Daniel Stenberg Closes #1917
-
Michael Kaufmann authored
Reviewed-by: Daniel Stenberg Closes #1919
-
Patrick Monnerat authored
-
Daniel Stenberg authored
... now with a -formadd suffix. While the new mime API is introduced in 7.56.0 we must acknowledge that lots of users can't upgrade their curl versions immediately.
-
- Oct 02, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
-
Sergei Nikulov authored
Fixes https://github.com/curl/curl/issues/1500 Reported-by: Jay Satiro Fixes https://github.com/curl/curl/pull/1662 Assisted-by: Tom Seddon Assisted-by: <dpull@users.noreply.github.com> Assisted-by: <elelel@users.noreply.github.com> Closes https://github.com/curl/curl/pull/1924
-
- Oct 01, 2017
-
-
Patrick Monnerat authored
-
Patrick Monnerat authored
-
Patrick Monnerat authored
Include a guide to form/mime API conversion.
-
- Sep 30, 2017
-
-
Daniel Stenberg authored
... this will let the second occurance override the first. Added test 1161 to verify. Reported-by: Max Dymond Fixes #1932 Closes #1933
-
Dan Fandrich authored
Otherwise, the test fails when the -b test option is used to set a different test port range.
-
Dan Fandrich authored
When curl and libcurl are built with some protocols disabled, they stop setting and receiving some options that don't make sense with those protocols. In particular, when HTTP is disabled many options aren't set that are used only by HTTP. However, some options that appear to be HTTP-only are actually used by other protocols as well (some despite having HTTP in the name) and should be set, but weren't. This change now causes some of these options to be set and used for more (or for all) protocols. In particular, this fixes tests 646 through 649 in an HTTP-disabled build, which use the MIME API in the mail protocols.
-
- Sep 29, 2017
-
-
Daniel Stenberg authored
The fix done in 20ea22ff
-
Daniel Stenberg authored
Regression brought by 2bc230de Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 Assisted-by: Max Dymond Closes #1930
-
Anders Bakken authored
The timer should be started after conn->connecttime is set. Otherwise the timer could expire without this condition being true: /* should we try another protocol family? */ if(i == 0 && conn->tempaddr[1] == NULL && curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { Ref: #1928
-
- Sep 28, 2017
-
-
Michael Kaufmann authored
Closes #1922
-
Michael Kaufmann authored
Closes #1921
-
Michael Kaufmann authored
Closes #1920
-
Michael Kaufmann authored
A connection can only be reused if the flags "conn_to_host" and "conn_to_port" match. Therefore it is not necessary to copy these flags in reuse_conn(). Closes #1918
-
- Sep 27, 2017
-
-
Daniel Stenberg authored
When building with -std=c++14 on cygwin, this header won't be automatically included as it otherwise is. The <sys/select.h> include decision should ideally be reversed and be avoided where that header file doesn't exist. Reported-by: Ian Fette Fixes #1925
-
- Sep 25, 2017
-
-
Daniel Stenberg authored
-
- Sep 24, 2017
-
-
Michael Kaufmann authored
-
- Sep 23, 2017
-
-
Jay Satiro authored
.. and include the core NTLM header in all NTLM-related source files. Follow up to 6f86022d. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT but did not include vtls.h where it was defined. Closes https://github.com/curl/curl/pull/1911
-