- Oct 09, 2014
-
-
Daniel Stenberg authored
-
- Oct 08, 2014
-
-
Kamil Dudka authored
This fixes a copy-paste mistake from commit 2968f957.
-
Patrick Monnerat authored
-
Daniel Stenberg authored
Coverity CID 252518. This function is in general far too complicated for its own good and really should be broken down into several smaller funcitons instead - but I'm adding this protection here now since it seems there's a risk the code flow can end up here and dereference a NULL pointer.
-
Daniel Stenberg authored
Coverity CID 1241948. dumpeasysrc() would get called with config->current set to NULL which could be dereferenced by a warnf() call.
-
Daniel Stenberg authored
Coverity CID 1241951. The condition 'len >= 0' would always be true at that point and thus not necessary to check for.
-
Daniel Stenberg authored
Coverity CID 1241957. Removed the unused argument. As this struct and pointer now are used only for krb5, there's no need to keep unused function arguments around.
-
Daniel Stenberg authored
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL file name pointer so skip the check for that - it tricks coverity into believing it can happen and it then warns later on when we use 'outfile' without checking for NULL.
-
- Oct 07, 2014
-
-
Daniel Stenberg authored
Reported-By: Luan Cestari
-
Travis Burtrum authored
-
Travis Burtrum authored
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: openssl s_client -connect google.com:443 2>&1 < /dev/null | \ sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ | openssl rsa -pubin -outform DER > google.com.der
-
Daniel Stenberg authored
Coverity CID 1202837. 'newurl' can in fact be allocated even when Curl_retry_request() returns failure so free it if need be.
-
Daniel Stenberg authored
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be the subsequent statement would dereference it!
-
Daniel Stenberg authored
Coverity CID 1154198. This NULL check implies that the pointer _can_ be NULL at this point, which it can't. Thus it is dead code. It tricks static analyzers to warn about dereferencing the pointer since the code seems to imply it can be NULL.
-
Waldek Kozba authored
Improves it for low-latency cases (like the communication with localhost)
-
- Oct 06, 2014
-
-
Daniel Stenberg authored
Coverity CID 1222080.
-
Daniel Stenberg authored
just a minor code style thing to make the code clearer
-
- Oct 04, 2014
-
-
Marc Hoersken authored
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor onnssl->cred being initialized.
-
Daniel Stenberg authored
Coverity CID 1061126. 'parse' will always be non-NULL here.
-
Daniel Stenberg authored
Coverity CID 1061118. Point out that it is on purpose.
-
Daniel Stenberg authored
Coverity CID 1241950. The pointer is never NULL but it might point to NULL.
-
Daniel Stenberg authored
Coverity CID 1241947. Since if sscanf() fails, the previously set value remains set.
-
Daniel Stenberg authored
Coverity pointed out several of these.
-
- Oct 03, 2014
-
-
Daniel Stenberg authored
Coverity CID 982331.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Coverify CID 1157776. Removed a superfluous if() that always evaluated true (and an else clause that never ran), and then re-indented the function accordingly.
-
Daniel Stenberg authored
Coverity CID 1215284. The server name is extracted with Curl_copy_header_value() and passed in to this function, and copy_header_value can actually can fail and return NULL.
-
Daniel Stenberg authored
-
Jeremy Lin authored
For private keys, use the first match from: user-specified key file (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa Note that the previous code only looked for id_dsa files. id_rsa is now generally preferred, as it supports larger key sizes. For public keys, use the user-specified key file, if provided. Otherwise, try to extract the public key from the private key file. This means that passing --pubkey is typically no longer required, and makes the key-handling behavior more like OpenSSH.
-
Daniel Stenberg authored
-
- Oct 02, 2014
-
-
Daniel Stenberg authored
Coverity CID 1202836. If the proxy environment variable returned an empty string, it would be leaked. While an empty string is not really a proxy, other logic in this function already allows a blank string to be returned so allow that here to avoid the leak.
-
Daniel Stenberg authored
Coverity CID 1202837. There's a potential risk that 'newurl' gets overwritten when it was already pointing to allocated memory.
-
Daniel Stenberg authored
Coverity CID 1215287. There's a potential risk for a memory leak in here, and moving the free call to be unconditional seems like a cheap price to remove the risk.
-
Daniel Stenberg authored
Coverity CID 1215296. There's a potential risk for a memory leak in here, and moving the free call to be unconditional seems like a cheap price to remove the risk.
-
Daniel Stenberg authored
Coverity detected this. CID 1241954. When Curl_poll() returns a negative value 'mcode' was uninitialized. Pretty harmless since this is debug code only and would at worst cause an error to _not_ be returned...
-
- Oct 01, 2014
-
-
Daniel Stenberg authored
and separate the example URLs with newlines
-
- Sep 30, 2014
-
-
Bill Nagel authored
This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL appears to require the same pointer on a write that follows a retry (CURLE_AGAIN) as discussed here: http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Mostly because we use C strings and they end at a binary zero so we know we can't open a file name using an embedded binary zero. Reported-by: <research@g0blin.co.uk>
-
- Sep 26, 2014
-
-
Dan Fandrich authored
-