- Feb 08, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... as we're HTTPS on the main site now, there's no point in that extra step
-
Daniel Stenberg authored
-
Jay Satiro authored
Extract the filename from the last slash or backslash. Prior to this change backslashes could be part of the filename. This change needed for the curl tool built for Cygwin. Refer to the CYGWIN addendum in advisory 20160127B. Bug: https://curl.haxx.se/docs/adv_20160127B.html
-
- Feb 07, 2016
-
-
Daniel Stenberg authored
-
Jay Satiro authored
sk_X509_EXTENSION_num may return an unsigned integer, however the value will fit in an int. Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896 Reported-by: Gisle Vanem
-
- Feb 06, 2016
-
-
Daniel Stenberg authored
-
Michael Kaufmann authored
.. also fix a conversion bug in the unused function curl_win32_ascii_to_idn(). And remove wprintfs on error (Jay). Bug: https://github.com/curl/curl/pull/637
-
Gisle Vanem authored
closesocket => close_socket Winsock already has the former. Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
-
Gisle Vanem authored
Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html
-
Daniel Stenberg authored
... done on request and as it is a fair point.
-
- Feb 05, 2016
-
-
Jay Satiro authored
-
Jay Satiro authored
-
Jay Satiro authored
- Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc5 because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
-
- Feb 04, 2016
-
-
Viktor Szakats authored
-
Jay Satiro authored
Free an existing domain before replacing it. Bug: https://github.com/curl/curl/issues/635 Reported-by: <silveja1@users.noreply.github.com>
-
Viktor Szakats authored
Closes #632
-
- Feb 03, 2016
-
-
Daniel Stenberg authored
I removed the scheme prefix from the URLs references this host name, as we don't own/run that anymore but the name is kept for historic reasons.
-
Daniel Stenberg authored
-
Viktor Szakats authored
-
Dan Fandrich authored
-
- Feb 02, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input.
-
- Feb 01, 2016
-
-
Daniel Stenberg authored
-
Sergei Nikulov authored
Closes #621
-
Jay Satiro authored
Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a8 until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
-
- Jan 29, 2016
-
-
Jay Satiro authored
.. also warn about letting the server pick the filename.
-
Gisle Vanem authored
-
- Jan 28, 2016
-
-
Daniel Stenberg authored
-
Sergei Nikulov authored
Closes #617
-
Sergei Nikulov authored
Closes https://github.com/bagder/curl/pull/618
-
Viktor Szakats authored
tool_doswin.c:185:14: warning: 'msdosify' defined but not used [-Wunused-function] Closes https://github.com/bagder/curl/pull/616
-
- Jan 27, 2016
-
-
Daniel Stenberg authored
Reported-by: Bernard Spil
-
Daniel Stenberg authored
-
- Jan 26, 2016
-
-
Daniel Stenberg authored
-
Isaac Boukris authored
Proxy NTLM authentication should compare credentials when re-using a connection similar to host authentication, as it authenticate the connection. Example: curl -v -x http://proxy:port http://host/ -U good_user:good_pwd --proxy-ntlm --next -x http://proxy:port http://host/ [-U fake_user:fake_pwd --proxy-ntlm] CVE-2016-0755 Bug: http://curl.haxx.se/docs/adv_20160127A.html
-
Ray Satiro authored
curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
-