Skip to content
  1. Jan 18, 2018
    • Michael Gmelin's avatar
      SSH: Fix state machine for ssh-agent authentication · ddafd45a
      Michael Gmelin authored
      In case an identity didn't match[0], the state machine would fail in
      state SSH_AUTH_AGENT instead of progressing to the next identity in
      ssh-agent. As a result, ssh-agent authentication only worked if the
      identity required happened to be the first added to ssh-agent.
      
      This was introduced as part of commit c4eb10e2, which
      stated that the "else" statement was required to prevent getting stuck
      in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
      interface I couldn't see how this could happen or reproduce it and I
      also couldn't find a more detailed description of the problem which
      would explain a test case to reproduce the problem this was supposed to
      fix.
      
      [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED
      
      Closes #2248
      ddafd45a
    • Daniel Stenberg's avatar
      openssl: fix potential memory leak in SSLKEYLOGFILE logic · 9e4ad1e2
      Daniel Stenberg authored
      Coverity CID 1427646.
      9e4ad1e2
    • Daniel Stenberg's avatar
      openssl: fix the libressl build again · ca9c93e3
      Daniel Stenberg authored
      Follow-up to 84fcaa2e. libressl does not have the API even if it says it is
      late OpenSSL version...
      
      Fixes #2246
      Closes #2247
      
      Reported-by: jungle-boogie on github
      ca9c93e3
  2. Jan 17, 2018
  3. Jan 16, 2018
  4. Jan 15, 2018
  5. Jan 14, 2018
    • Patrick Monnerat's avatar
      mime: clone mime tree upon easy handle duplication. · e44ddfd4
      Patrick Monnerat authored
      A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
      strongly bound to the handle: there is a pointer to the easy handle in
      each item of the mime tree and following the parent pointer list
      of mime items ends in a dummy part stored within the handle.
      
      Because of this binding, a mime tree cannot be shared between different
      easy handles, thus it needs to be cloned upon easy handle duplication.
      
      There is no way for the caller to get the duplicated mime tree
      handle: it is then set to be automatically destroyed upon freeing the
      new easy handle.
      
      New test 654 checks proper mime structure duplication/release.
      
      Add a warning note in curl_mime_data_cb() documentation about sharing
      user data between duplicated handles.
      
      Closes #2235
      e44ddfd4
    • Patrick Monnerat's avatar
  6. Jan 13, 2018
  7. Jan 11, 2018
    • Zhouyihai Ding's avatar
      http2: fix incorrect trailer buffer size · fa3dbb9a
      Zhouyihai Ding authored
      Prior to this change the stored byte count of each trailer was
      miscalculated and 1 less than required. It appears any trailer
      after the first that was passed to Curl_client_write would be truncated
      or corrupted as well as the size. Potentially the size of some
      subsequent trailer could be erroneously extracted from the contents of
      that trailer, and since that size is used by client write an
      out-of-bounds read could occur and cause a crash or be otherwise
      processed by client write.
      
      The bug appears to have been born in 0761a51e (precedes 7.49.0).
      
      Closes https://github.com/curl/curl/pull/2231
      fa3dbb9a
  8. Jan 09, 2018
  9. Jan 08, 2018
  10. Jan 07, 2018
  11. Jan 06, 2018
  12. Jan 03, 2018
  13. Jan 02, 2018
  14. Dec 30, 2017
  15. Dec 29, 2017
  16. Dec 27, 2017
    • Mikalai Ananenka's avatar
      brotli: data at the end of content can be lost · 58d7cd28
      Mikalai Ananenka authored
      Decoding loop implementation did not concern the case when all
      received data is consumed by Brotli decoder and the size of decoded
      data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
      For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
      can result in the loss of data at the end of content.
      
      Closes #2194
      58d7cd28
  17. Dec 26, 2017
  18. Dec 22, 2017