Skip to content
  1. May 21, 2019
  2. May 20, 2019
  3. May 19, 2019
    • Daniel Gustafsson's avatar
      version: make ssl_version buffer match for multi_ssl · 9a87fe70
      Daniel Gustafsson authored
      
      
      When running a multi TLS backend build the version string needs more
      buffer space. Make the internal ssl_buffer stack buffer match the one
      in Curl_multissl_version() to allow for the longer string. For single
      TLS backend builds there is no use in extended to buffer. This is a
      fallout from #3863 which fixes up the multi_ssl string generation to
      avoid a buffer overflow when the buffer is too small.
      
      Closes #3875
      Reviewed-by: default avatarDaniel Stenberg <daniel@haxx.se>
      9a87fe70
  4. May 18, 2019
  5. May 17, 2019
  6. May 16, 2019
  7. May 15, 2019
  8. May 14, 2019
  9. May 13, 2019
    • Daniel Gustafsson's avatar
      vtls: fix potential ssl_buffer stack overflow · b4bb9204
      Daniel Gustafsson authored
      In Curl_multissl_version() it was possible to overflow the passed in
      buffer if the generated version string exceeded the size of the buffer.
      Fix by inverting the logic, and also make sure to not exceed the local
      buffer during the string generation.
      
      Closes #3863
      Reported-by: nevv on HackerOne/curl
      Reviewed-by: Jay Satiro
      Reviewed-by: Daniel Stenberg
      b4bb9204