- May 21, 2019
-
-
Daniel Gustafsson authored
Commit e91e4816 moved ftp_ccc in under the FTP featureflag in the UserDefined struct, but vtls callsites were still using it unprotected. Closes #3912 Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865 Reviewed-by: Daniel Stenberg, Marcel Raad
-
- May 20, 2019
-
-
Daniel Stenberg authored
Reported-by: Olen Andoni Fixes #3906 Closes #3907
-
Guy Poizat authored
Closes #3892
-
Daniel Stenberg authored
Ref: #3905
-
Omar Ramadan authored
The longest currently registered URI scheme at IANA is 36 bytes long. Closes #3905 Closes #3900
-
Marcel Raad authored
Fixes Codacy/CppCheck warnings. Closes https://github.com/curl/curl/pull/3872
-
Marcel Raad authored
Just initialize word_begin with the correct value. Closes https://github.com/curl/curl/pull/3873
-
Marcel Raad authored
This way, we need only one call to free. Closes https://github.com/curl/curl/pull/3873
-
Marcel Raad authored
sock was only used to be assigned to fd_read. Closes https://github.com/curl/curl/pull/3873
-
Daniel Stenberg authored
-
Daniel Stenberg authored
bug: https://curl.haxx.se/docs/CVE-2019-5436.html Reported-by: l00p3r on hackerone CVE-2019-5436
-
- May 19, 2019
-
-
Daniel Gustafsson authored
When running a multi TLS backend build the version string needs more buffer space. Make the internal ssl_buffer stack buffer match the one in Curl_multissl_version() to allow for the longer string. For single TLS backend builds there is no use in extended to buffer. This is a fallout from #3863 which fixes up the multi_ssl string generation to avoid a buffer overflow when the buffer is too small. Closes #3875 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
- May 18, 2019
-
-
Steve Holme authored
Currently when the server responds with 401 on NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is set configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by imploying an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Missed in fe6049f0.
-
Steve Holme authored
Missed in 50b87c4e.
-
Steve Holme authored
Missed in fe20826b as it wasn't implemented in http.c in b4d6db83. Closes #3894
-
Daniel Stenberg authored
Closes #3844
-
- May 17, 2019
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- May 16, 2019
-
-
Viktor Szakats authored
Approved-by: Daniel Stenberg Closes #3896
-
Viktor Szakats authored
Ref: https://github.com/curl/curl/commit/0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1#commitcomment-33563135 Approved-by: Daniel Stenberg Closes #3895
-
Daniel Stenberg authored
Closes #3887
-
Daniel Stenberg authored
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
-
Daniel Stenberg authored
... since libcurl has started to be totally unaware of options for disabled protocols they now return error. Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937 Reported-by: Marcel Raad Closes #3886
-
- May 15, 2019
-
-
Steve Holme authored
This brings the code inline with the other HTTP authentication mechanisms. Closes #3890
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Reported-by: Roy Bellingan Bug: #3885
-
Daniel Stenberg authored
As we treat a given proxy as a URL we should use the unified URL parser to extract the parts out of it. Closes #3878
-
- May 14, 2019
-
-
Steve Holme authored
Given that this member variable is not used by the SASL based protocols there is no need to have it here. Closes #3882
-
Steve Holme authored
Given that this member variable is not used by the SASL based protocols there is no need to have it here.
-
Steve Holme authored
-
Steve Holme authored
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior to calling conn_shutdown() and it in turn performs this, there is no need to perform the same action in conn_shutdown(). Closes #3881
-
Daniel Stenberg authored
Updated test 1560 to verify. Closes #3880
-
Daniel Stenberg authored
If --with-ssl is used and configure still couldn't enable SSL this creates an error instead of just silently ignoring the fact. Suggested-by: Isaiah Norton Fixes #3824 Closes #3830
-
Daniel Gustafsson authored
-
Steve Holme authored
No need to set variables to zero as calloc() does this for us. Closes #3879
-
Daniel Stenberg authored
Clues-provided-by: Jay Satiro Clues-provided-by: Jeroen Ooms Fixes #3711 Closes #3874
-
- May 13, 2019
-
-
Daniel Gustafsson authored
In Curl_multissl_version() it was possible to overflow the passed in buffer if the generated version string exceeded the size of the buffer. Fix by inverting the logic, and also make sure to not exceed the local buffer during the string generation. Closes #3863 Reported-by: nevv on HackerOne/curl Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg
-