Skip to content
  1. Aug 20, 2013
    • Jonathan Nieder's avatar
      sasl: allow arbitrarily long username and password · c56f9797
      Jonathan Nieder authored
      Use appropriately sized buffers on the heap instead of fixed-size
      buffers on the stack, to allow for longer usernames and passwords.
      
      Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
      MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
      c56f9797
  2. Aug 19, 2013
  3. Aug 16, 2013
    • Daniel Stenberg's avatar
      glob: error out on range overflow · f15a88f2
      Daniel Stenberg authored
      The new multiply() function detects range value overflows. 32bit
      machines will overflow on a 32bit boundary while 64bit hosts support
      ranges up to the full 64 bit range.
      
      Added test 1236 to verify.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=1267
      Reported-by: Will Dietz
      f15a88f2
    • Daniel Stenberg's avatar
      urlglob: better detect unclosed braces, empty lists and overflows · 5ca96cb8
      Daniel Stenberg authored
      A rather big overhaul and cleanup.
      
      1 - curl wouldn't properly detect and reject globbing that ended with an
      open brace if there were brackets or braces before it. Like "{}{" or
      "[0-1]{"
      
      2 - curl wouldn't properly reject empty lists so that "{}{}" would
      result in curl getting (nil) strings in the output.
      
      3 - By using strtoul() instead of sscanf() the code will now detected
      over and underflows. It now also better parses the step argument to only
      accept positive numbers and only step counters that is smaller than the
      delta between the maximum and minimum numbers.
      
      4 - By switching to unsigned longs instead of signed ints for the
      counters, the max values for []-ranges are now very large (on 64bit
      machines).
      
      5 - Bumped the maximum number of globs in a single URL to 100 (from 10)
      
      6 - Simplified the code somewhat and now it stores fixed strings as
      single- entry lists. That's also one of the reasons why I did (5) as now
      all strings between "globs" will take a slot in the array.
      
      Added test 1234 and 1235 to verify. Updated test 87.
      
      This commit fixes three separate bug reports.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=1264
      Bug: http://curl.haxx.se/bug/view.cgi?id=1265
      Bug: http://curl.haxx.se/bug/view.cgi?id=1266
      Reported-by: Will Dietz
      5ca96cb8
  4. Aug 15, 2013
  5. Aug 14, 2013
  6. Aug 12, 2013
  7. Aug 11, 2013
  8. Aug 10, 2013
  9. Aug 09, 2013
  10. Aug 08, 2013
  11. Aug 07, 2013
  12. Aug 06, 2013
    • Daniel Stenberg's avatar
      LIBCURL-STRUCTS: new document · 96749554
      Daniel Stenberg authored
      This is the first version of this new document, detailing the seven
      perhaps most important internal structs in libcurl source code:
      
        1.1 SessionHandle
        1.2 connectdata
        1.3 Curl_multi
        1.4 Curl_handler
        1.5 conncache
        1.6 Curl_share
        1.7 CookieInfo
      96749554
    • Daniel Stenberg's avatar
      CONTRIBUTE: minor language polish · 78574940
      Daniel Stenberg authored
      78574940
    • Daniel Stenberg's avatar
      FTP: when EPSV gets a 229 but fails to connect, retry with PASV · 7cc00d9a
      Daniel Stenberg authored
      This is a regression as this logic used to work. It isn't clear when it
      broke, but I'm assuming in 7.28.0 when we went all-multi internally.
      
      This likely never worked with the multi interface. As the failed
      connection is detected once the multi state has reached DO_MORE, the
      Curl_do_more() function was now expanded somewhat so that the
      ftp_do_more() function can request to go "back" to the previous state
      when it makes another attempt - using PASV.
      
      Added test case 1233 to verify this fix. It has the little issue that it
      assumes no service is listening/accepting connections on port 1...
      
      Reported-by: byte_bucket in the #curl IRC channel
      7cc00d9a
    • Nick Zitzmann's avatar
      md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard · 230e16dc
      Nick Zitzmann authored
      For some reason, OS X 10.5's GCC suddenly stopped working correctly with
      macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I
      worked around this by removing use of the macros and inserting static
      functions that just call CommonCrypto's implementations of the functions
      instead.
      230e16dc