Skip to content
  1. Nov 27, 2017
    • Jay Satiro's avatar
      url: fix alignment of ssl_backend_data struct · 9b5e12a5
      Jay Satiro authored 
      - Align the array of ssl_backend_data on a max 32 byte boundary.

8 is likely to be ok but I went with 32 for posterity should one of
the ssl_backend_data structs change to contain a larger sized variable
in the future.

Prior to this change (since dev 70f1db32, release 7.56) the connectdata
structure was undersized by 4 bytes in 32-bit builds with ssl enabled
because long long * was mistakenly used for alignment instead of
long long, with the intention being an 8 byte boundary. Also long long
may not be an available type.

The undersized connectdata could lead to oob read/write past the end in
what was expected to be the last 4 bytes of the connection's secondary
socket https proxy ssl_backend_data struct (the secondary socket in a
connection is used by ftp, others?).

Closes https://github.com/curl/curl/issues/2093

CVE-2017-8818

Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
      9b5e12a5
  3. Nov 25, 2017
    • Daniel Stenberg's avatar
      ssh: remove check for a NULL pointer (!) · c79b2ca0
      Daniel Stenberg authored 
      With this check present, scan-build warns that we might dereference this
point in other places where it isn't first checked for NULL. Thus, if it
*can* be NULL we have a problem on a few places. However, this pointer
should not be possible to be NULL here so I remove the check and thus
also three different scan-build warnings.

Closes #2111
      c79b2ca0
  5. Nov 24, 2017
  7. Nov 23, 2017
  9. Nov 22, 2017
  11. Nov 21, 2017
  13. Nov 20, 2017
  15. Nov 18, 2017
  17. Nov 17, 2017
  19. Nov 15, 2017
  21. Nov 14, 2017
  23. Nov 13, 2017
  25. Nov 12, 2017
  27. Nov 11, 2017
  29. Nov 10, 2017
  31. Nov 09, 2017