  1. Nov 20, 2011
  2. Nov 19, 2011
  3. Nov 18, 2011
  4. Nov 17, 2011
  5. Nov 15, 2011
  6. Nov 14, 2011
  7. Nov 12, 2011
  8. Nov 11, 2011
    • progress_cb: avoid buffer overflow · 10120e6a
      Daniel Stenberg authored
      The progress bar output function would blindly use the terminal width
      without bounds checking. When using a very wide terminal that caused a
      buffer overflow and segfault.
      
      We now limit the max bar width to 255 columns, and I simplified the code
      to avoid an extra snprintf and buffer.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=3435710
      Reported by: Alexey Zakhlestin
    • Active mode FTP test cases with server not establishing data connection · 082e8a3b
      Yang Tse authored
      591 -> FTP multi PORT and 425 on upload
      592 -> FTP multi PORT and 421 on upload
      593 -> FTP multi PORT upload, no data conn and no transient neg. reply
      594 -> FTP multi PORT upload, no data conn and no positive prelim. reply
      
      1206 -> FTP PORT and 425 on download
      1207 -> FTP PORT and 421 on download
      1208 -> FTP PORT download, no data conn and no transient negative reply
      1209 -> FTP PORT download, no data conn and no positive preliminary reply
  9. Nov 08, 2011
  10. Nov 06, 2011
    • RELEASE-NOTES: synced with e3166df1 · c8ffb404
      Daniel Stenberg authored
      4 new bugfixes, 2 more contributors
    • ftp PORT: don't hang if bind() fails · e3166df1
      Daniel Stenberg authored
      When the user requests PORT with a specific port or port range, the code
      could lock up in an endless loop. There's now an extra conditional that
      makes sure to treat the error specially and try the local address only
      once so a second failure will abort the loop correctly.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=3433968
      Reported by: Gokhan Sengun
    • pingpong: change two comments wrongly referring "FTP" · 06a83e80
      Daniel Stenberg authored
      Just a sign of where the code originally was ripped out from. Now it is
      generic "pingpong".
    • test 590: verify the bug fix in 4851dafc · 2c09d21f
      Daniel Stenberg authored
      This test is created to verify Rene Bernhardt's patch which makes sure
      libcurl properly does _not_ deal with Negotiate if not asked to, even if the
      proxy says it can serve it.
    • HTTP auth: fix proxy Negotiate bug · 4851dafc
      Rene Bernhardt authored
      If a proxy offers several Authentication schemes where NTLM and
      Negotiate are offered by the proxy and you tell libcurl not to use the
      Negotiate scheme then the request never returns when the proxy answers
      with its HTTP 407 reply.
      
      It is reproducible by the following steps:
      
      - Use a proxy that offers NTLM and Negotiate ( CURLOPT_PROXY and
      CURLOPT_PROXYPORT )
      
      - Tell libcurl NOT to use Negotiate CURL_EASY_SETOPT(CURLOPT_PROXYAUTH,
      CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM )
      
      - Start the request
      
      The call to CURL_EASY_PERFORM never returns. If you switch on debug
      logging you can see that libcurl issues a new request as soon as it
      received the 407 reply. Instead it should return and set the response
      code to 407.
      
      Bug: http://curl.haxx.se/mail/lib-2011-10/0323.html
  11. Nov 04, 2011
    • ssluse.c: fix calling of OpenSSL's ERR_remove_state(0) · 73029dca
      Yang Tse authored
      Move calling of ERR_remove_state(0) a.k.a ERR_remove_thread_state(NULL)
      from Curl_ossl_close_all() to Curl_ossl_cleanup().
      
      In this way ERR_remove_state(0) is now only called in libcurl by
      curl_global_cleanup(). Previously it would get called by functions
      curl_easy_cleanup(), curl_multi_cleanup and potentially each time a
      connection was removed from a connection cache leading to premature
      destruction of OpenSSL's thread local state hash.
      
      Multi-threaded apps using OpenSSL enabled libcurl should still call
      function ERR_remove_state(0) or ERR_remove_thread_state(NULL) at the
      very end of threads that do not call curl_global_cleanup().
  12. Nov 03, 2011
  13. Nov 02, 2011
  14. Nov 01, 2011
  15. Oct 31, 2011
  16. Oct 30, 2011