Skip to content
  1. Apr 11, 2019
  3. Apr 10, 2019
    • Steve Holme's avatar
      README: Schannel, stop calling it "winssl" · 37c43bf7
      Steve Holme authored 
      Stick to "Schannel" everywhere - follow up to 180501cb.
      37c43bf7
    • Jakub Zakrzewski's avatar
      cmake: clear CMAKE_REQUIRED_LIBRARIES after each use · ff1cb975
      Jakub Zakrzewski authored 
      This fixes GSSAPI builds with the libraries in a non-standard location.
The testing for recv() were failing because it failed to link
the Kerberos libraries, which are not needed for this or subsequent
tests.

fixes #3743
closes #3744
      ff1cb975
    • Jakub Zakrzewski's avatar
      cmake: avoid linking executable for some tests with cmake 3.6+ · be17f298
      Jakub Zakrzewski authored 
      With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile()
(which is used by check_c_source_compiles()) will build static library
instead of executable. This avoids linking additional libraries in and thus
speeds up those checks a little.

This commit also avoids #3743 (GSSAPI build errors) on itself with cmake
3.6 or above. That issue was fixed separately for all versions.

Ref: #3744
      be17f298
    • Jakub Zakrzewski's avatar
      cmake: minor cleanup · 639cfeb0
      Jakub Zakrzewski authored 
      - Remove nneeded include_regular_expression.
  It was setting what is already a default.

- Remove duplicated include.

- Don't check for pre-3.0.0 CMake version.
  We already require at least 3.0.0, so it's just clutter.

Ref: #3744
      639cfeb0
  5. Apr 08, 2019
  7. Apr 07, 2019
    • Daniel Stenberg's avatar
      socks5: user name and passwords must be shorter than 256 · f4b69012
      Daniel Stenberg authored 
      bytes... since the protocol needs to store the length in a single byte field.

Reported-by: XmiliaH on github
Fixes #3737
Closes #3740
      f4b69012
    • Jakub Zakrzewski's avatar
      test: urlapi: urlencode characters above 0x7f correctly · 89bb5a83
      Jakub Zakrzewski authored
      89bb5a83
    • Jakub Zakrzewski's avatar
      urlapi: urlencode characters above 0x7f correctly · 0dd47c2a
      Jakub Zakrzewski authored 
      fixes #3741
Closes #3742
      0dd47c2a
    • Even Rouault's avatar
      multi_runsingle(): fix use-after-free · 64cbae31
      Even Rouault authored 
      Fixes #3745
Closes #3746

The following snippet
```

int main()
{
    CURL* hCurlHandle = curl_easy_init();
    curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
    curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
    curl_easy_perform(hCurlHandle);
    curl_easy_cleanup(hCurlHandle);
    return 0;
}
```
triggers the following Valgrind warning

```
==4125== Invalid read of size 8
==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
==4125==    by 0x4E62C36: conn_free (url.c:756)
==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Block was alloc'd at
==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
==4125==    by 0x4E685B4: create_conn (url.c:3496)
==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
```

This has been bisected to commit 2f44e94e

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
Credit to OSS Fuzz
      64cbae31
  9. Apr 06, 2019