Skip to content
  1. May 17, 2016
    • Daniel Stenberg's avatar
      openssl: get_cert_chain: avoid NULL dereference · 8132fe11
      Daniel Stenberg authored
      CID 1361811: Explicit null dereferenced (FORWARD_NULL)
      8132fe11
    • Daniel Stenberg's avatar
      dprintf_formatf: fix (false?) Coverity warning · b4990734
      Daniel Stenberg authored
      CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
      we run over 'workend' but the condition says <= workend and for all I
      can see it should be safe. Compensating for the warning by adding a byte
      margin in the buffer.
      
      Also, removed the extra brace level indentation in the code and made it
      so that 'workend' is only assigned once within the function.
      b4990734
  2. May 16, 2016
  3. May 14, 2016
    • Daniel Stenberg's avatar
      ftp wildcard: segfault due to init only in multi_perform · cba96213
      Daniel Stenberg authored
      The proper FTP wildcard init is now more properly done in Curl_pretransfer()
      and the corresponding cleanup in Curl_close().
      
      The previous place of init/cleanup code made the internal pointer to be NULL
      when this feature was used with the multi_socket() API, as it was made within
      the curl_multi_perform() function.
      
      Reported-by: Jonathan Cardoso Machado
      Fixes #800
      cba96213
  4. May 13, 2016
  5. May 12, 2016
  6. May 10, 2016
    • Anders Bakken's avatar
      TLS: SSL_peek is not a const operation · 856baf5a
      Anders Bakken authored
      Calling SSL_peek can cause bytes to be read from the raw socket which in
      turn can upset the select machinery that determines whether there's data
      available on the socket.
      
      Since Curl_ossl_check_cxn only tries to determine whether the socket is
      alive and doesn't actually need to see the bytes SSL_peek seems like
      the wrong function to call.
      
      We're able to occasionally reproduce a connect timeout due to this
      bug. What happens is that Curl doesn't know to call SSL_connect again
      after the peek happens since data is buffered in the SSL buffer and thus
      select won't fire for this socket.
      
      Closes #795
      856baf5a
  7. May 09, 2016
    • Daniel Stenberg's avatar
      TLS: move the ALPN/NPN enable bits to the connection · f6767f54
      Daniel Stenberg authored
      Only protocols that actually have a protocol registered for ALPN and NPN
      should try to get that negotiated in the TLS handshake. That is only
      HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
      would wrongly be used in all handshakes if libcurl was built with it
      enabled.
      
      Reported-by: Jay Satiro
      
      Fixes #789
      f6767f54
  8. May 08, 2016
  9. May 05, 2016
  10. May 03, 2016
  11. May 02, 2016
  12. May 01, 2016
  13. Apr 29, 2016