- Jan 20, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Jan 18, 2018
-
-
Kartik Mahajan authored
Fixes #2237 Closes #2249
-
Daniel Stenberg authored
vtls.c:multissl_init() might do a curl_free() call so strip that out to make this work with more builds. We just want to verify that memorytracking works so skipping one line is no harm.
-
Daniel Stenberg authored
Reported-by: XhstormR on github Fixes #2245
-
Michael Gmelin authored
In case an identity didn't match[0], the state machine would fail in state SSH_AUTH_AGENT instead of progressing to the next identity in ssh-agent. As a result, ssh-agent authentication only worked if the identity required happened to be the first added to ssh-agent. This was introduced as part of commit c4eb10e2, which stated that the "else" statement was required to prevent getting stuck in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's interface I couldn't see how this could happen or reproduce it and I also couldn't find a more detailed description of the problem which would explain a test case to reproduce the problem this was supposed to fix. [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED Closes #2248
-
Daniel Stenberg authored
Coverity CID 1427646.
-
Daniel Stenberg authored
Follow-up to 84fcaa2e. libressl does not have the API even if it says it is late OpenSSL version... Fixes #2246 Closes #2247 Reported-by: jungle-boogie on github
-
- Jan 17, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... to avoid excessive recursive calls. The number 5 is totally arbitrary and could be modified if someone has a good motivation.
-
Daniel Stenberg authored
.... and avoid advancing the pointer to trigger an out of buffer read. Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251 Assisted-by: Max Dymond
-
- Jan 16, 2018
-
-
Daniel Stenberg authored
1. don't use "ULL" suffix since unsupported in older MSVC 2. use curl_off_t instead of custom long long ifdefs 3. make get_posix_time() not do unaligned data access Fixes #2211 Closes #2240 Reported-by: Chester Liu
-
- Jan 15, 2018
-
-
rouzier authored
Closes #2239
-
Daniel Stenberg authored
Follow-up commit to 615edc1f which was incomplete. Assisted-by: Max Dymond Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
-
Daniel Stenberg authored
Fixes #2210 Closes #2236
-
- Jan 14, 2018
-
-
Patrick Monnerat authored
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is strongly bound to the handle: there is a pointer to the easy handle in each item of the mime tree and following the parent pointer list of mime items ends in a dummy part stored within the handle. Because of this binding, a mime tree cannot be shared between different easy handles, thus it needs to be cloned upon easy handle duplication. There is no way for the caller to get the duplicated mime tree handle: it is then set to be automatically destroyed upon freeing the new easy handle. New test 654 checks proper mime structure duplication/release. Add a warning note in curl_mime_data_cb() documentation about sharing user data between duplicated handles. Closes #2235
-
Patrick Monnerat authored
-
- Jan 13, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... and make the max filesize check trigger if the value is too big. Updates test 178. Reported-by: Brad Spencer Fixes #2212 Closes #2223
-
Dan Johnson authored
Link order should list libraries after the libraries that use them, so when we're guessing that we might also need to add -ldl in order to use -lssl, we should add -ldl after -lssl. Closes https://github.com/curl/curl/pull/2234
-
Daniel Stenberg authored
-
Jay Satiro authored
Broken since f121575c (precedes 7.56.1). Bug: https://github.com/curl/curl/issues/2225 Reported-by: <cmfrolick@users.noreply.github.com> Closes https://github.com/curl/curl/pull/2227
-
Patrick Monnerat authored
This also upgrades ILE/RPG bindings with latest setopt options. Reported-By: jonrumsey on github Fixes #2230 Closes #2233
-
- Jan 11, 2018
-
-
Zhouyihai Ding authored
Prior to this change the stored byte count of each trailer was miscalculated and 1 less than required. It appears any trailer after the first that was passed to Curl_client_write would be truncated or corrupted as well as the size. Potentially the size of some subsequent trailer could be erroneously extracted from the contents of that trailer, and since that size is used by client write an out-of-bounds read could occur and cause a crash or be otherwise processed by client write. The bug appears to have been born in 0761a51e (precedes 7.49.0). Closes https://github.com/curl/curl/pull/2231
-
- Jan 09, 2018
-
-
Basuke Suzuki authored
Before calling Curl_client_chop_write(), change the owner of connection to the current Curl_easy handle. This will fix the issue #2217. Fixes https://github.com/curl/curl/issues/2217 Closes https://github.com/curl/curl/pull/2221
-
Dimitrios Apostolou authored
__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced in GCC 3.3. Closes #2216
-
Daniel Stenberg authored
-
- Jan 08, 2018
-
-
Daniel Stenberg authored
to increase accuracy for quick transfers Fixes #2200 Closes #2206
-
- Jan 07, 2018
-
-
Jay Satiro authored
- Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Closes https://github.com/curl/curl/pull/2222
-
Jay Satiro authored
-
- Jan 06, 2018
-
-
Jay Satiro authored
.. because limits.h presence isn't optional, it's required by C89. Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2 Closes https://github.com/curl/curl/pull/2215
-
- Jan 03, 2018
-
-
Jay Satiro authored
- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl initialization. Caught by ASAN.
-
- Jan 02, 2018
-
-
Jay Satiro authored
This reverts commit c97648b5. SIZEOF_LONG should not be checked in system.h since that macro is only defined when building libcurl. Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080 Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
-
- Dec 30, 2017
-
-
Michael Kaufmann authored
-
Michael Kaufmann authored
-
- Dec 29, 2017
-
-
Daniel Stenberg authored
Reported-by: Pete Lomax Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html
-
- Dec 27, 2017
-
-
Mikalai Ananenka authored
Decoding loop implementation did not concern the case when all received data is consumed by Brotli decoder and the size of decoded data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE. For content with unencoded length greater than CURL_MAX_WRITE_SIZE this can result in the loss of data at the end of content. Closes #2194
-
- Dec 26, 2017
-
-
Jay Satiro authored
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback since it's possible the cert may have already been loaded by libcurl. - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. Instead have it direct the reader to this cacertinmem.c example. - Fix the CA certificate to use the right CA for example.com, Digicert. Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html Reported-by: Thomas van Hesteren Closes https://github.com/curl/curl/pull/2182
-