- May 14, 2018
Daniel Stenberg authored
... leaving the k->str could lead to buffer over-reads later on. CVE: CVE-2018-1000301 Assisted-by: Max Dymond Detected by OSS-Fuzz. Bug: https://curl.haxx.se/docs/adv_2018-b138.html Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
-
- May 12, 2018
Patrick Monnerat authored
RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0d. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
-
Daniel Stenberg authored
Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
-
- May 11, 2018
Daniel Stenberg authored
Detected by Coverity; CID 1435559. Follow-up to f8d608f3. It would index the array with -1 if neither index was a socket.
-
- May 10, 2018
Daniel Stenberg authored
Closes #2558
-
Sunny Purushe authored
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES handling are causing problems. This fix changes the OpenSSL backend code to use BIO functions instead of FILE I/O functions to circumvent those problems. Closes #2512
-
- May 09, 2018
Daniel Stenberg authored
Assisted-by: Dan Fandrich Closes #2528
-
- May 07, 2018
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- May 05, 2018
Daniel Gustafsson authored
This file wasn't included in commit 4af40b36 which updated all haxx.se http urls to https. The file was committed prior to that update, but may have been merged after it and hence didn't get updated. Closes #2550
-
Daniel Stenberg authored
-
- May 04, 2018
Daniel Stenberg authored
follow-up to e66cca04
-
Daniel Stenberg authored
... instead of previous separate struct fields, to make it easier to extend and change individual backends without having to modify them all. closes #2547
-
Daniel Stenberg authored
Curl_setup_transfer() can be called to set up a new individual transfer over a multiplexed connection so it shouldn't unset writesockfd. Bug: #2520 Closes #2549
-
Frank Gevaerts authored
They are removed from the compiler flags. This ensures that make dependency tracking will force a rebuild whenever configure --enable-debug or --enable-curldebug changes. Closes #2548
-
Daniel Stenberg authored
It triggers an assert. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 Closes #2546
-
Daniel Stenberg authored
Closes #2531
-
- May 03, 2018
Daniel Stenberg authored
When only building with SSL backends that don't use the CA bundle file (by default), skip the check. Fixes #2543 Fixes #2180 Closes #2545
-
Daniel Stenberg authored
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to represent, but 'int' only has 32 bits [-Wshift-overflow=] 'len' will never be that big anyway so I converted the run-time check to a regular assert.
-
Stephan Mühlstrasser authored
Commit 3c630f9b partially reverted the changes from commit dd7521bc because of the problem that strcpy_url() was modified unilaterally without also modifying strlen_url(). As a consequence strcpy_url() was again depending on ASCII encoding. This change fixes strlen_url() and strcpy_url() in parallel to use a common host-encoding independent criterion for deciding whether a URL character must be %-escaped. Closes #2535
-
Denis Ollier authored
Closes #2544
-
Daniel Stenberg authored
-
Daniel Stenberg authored
This reverts commit d5d683a9. --disable-pthreads can be used to disable pthreads and get the threaded resolver to use the Windows threading when building with mingw.
-
- May 02, 2018
Daniel Stenberg authored
... as it defines it (too)
-
Daniel Stenberg authored
-
David Garske authored
Closes https://github.com/curl/curl/pull/2542
-
- Apr 30, 2018
Daniel Stenberg authored
Feedback-by: Michael Kilburn
-
Daniel Stenberg authored
Closes #1411
-
Daniel Stenberg authored
Closes #1508
-
Daniel Stenberg authored
Closes #2051
-
Daniel Stenberg authored
Closes #1332
-
Daniel Stenberg authored
It seems to not be detected by default anymore (which is a bug I believe) Closes #2541
-
- Apr 29, 2018
Daniel Stenberg authored
Closes #2299
-
Daniel Stenberg authored
Closes #2252
-
Daniel Stenberg authored
... and make test 1026 rely on that feature so that --disable-manual builds don't cause test failures. Reported-by: Max Dymond and Anders Roxell Fixes #2533 Closes #2540
-
- Apr 27, 2018
Daniel Stenberg authored
-
Daniel Gustafsson authored
Commit 2bc230de made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API. Closes https://github.com/curl/curl/pull/2537
-
- Apr 26, 2018
Daniel Gustafsson authored
This extends the INDENTATION case to also handle 'else' statements and require proper indentation on the following line. Also fixes the offending cases found in the codebase. Closes #2532
-
Daniel Stenberg authored
This function can get called on a connection that isn't set up enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer. Reported-by: Dario Weisser Follow-up to db1b2c7f (never shipped in a release) Closes #2536
-
Daniel Stenberg authored
Follow-up to 1514c446: replace another strstr() call done on a buffer that might not be zero terminated - with a memchr() call, even if we know the substring will be found. Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 Closes #2534
-