- Apr 27, 2018
-
-
Daniel Stenberg authored
-
Daniel Gustafsson authored
Commit 2bc230de made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API. Closes https://github.com/curl/curl/pull/2537
-
- Apr 26, 2018
-
-
Daniel Gustafsson authored
This extends the INDENTATION case to also handle 'else' statements and require proper indentation on the following line. Also fixes the offending cases found in the codebase. Closes #2532
-
Daniel Stenberg authored
This function can get called on a connection that isn't setup enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer. Reported-by: Dario Weisser Follow-up to db1b2c7f (never shipped in a release) Closes #2536
-
Daniel Stenberg authored
Follow-up to 1514c446: replace another strstr() call done on a buffer that might not be zero terminated - with a memchr() call, even if we know the substring will be found. Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 Closes #2534
-
Daniel Stenberg authored
WolfSSL doesn't enable it by default anymore
-
Daniel Stenberg authored
-
- Apr 25, 2018
-
-
Daniel Stenberg authored
-
Daniel Gustafsson authored
All occurrences of assignment within conditional expression in os400sys.c rewritten into two steps: first assignment and then the check on the success of the assignment. Also adjust related incorrect brace positions to match project indentation style. This was spurred by seeing "if((inp = input_token))", but while in there all warnings were fixed. There should be no functional change from these changes. Closes #2525
-
Daniel Gustafsson authored
The jar should be written iff there are cookies, so ensure that we still have cookies after expiration to avoid creating an empty file. Closes #2529
-
Daniel Stenberg authored
OSS-Fuzz detected https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 Broke in dd7521bc
-
- Apr 24, 2018
-
-
Daniel Stenberg authored
Coverity detected, CID 1435120 Closes #2527
-
Stephan Mühlstrasser authored
With commit 4272a0b0 curl-speficic character classification macros and functions were introduced in curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on non-ASCII, e.g. EBCDIC platforms. This change restores the previous set of character classification macros when CURL_DOES_CONVERSIONS is defined. Closes #2494
-
Daniel Stenberg authored
Fixes FTP wildcard parsing when done over a number of read buffers. Regression from f786d1f1 Reported-by: wncboy on github Fixes #2445 Closes #2526
-
Daniel Stenberg authored
http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated writing between 2 and 11 bytes into a region of size between 8 and 17
-
Daniel Stenberg authored
/docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long int' from 'curl_off_t {aka long long int}' may alter its value
-
Daniel Stenberg authored
This reverts commit abbc8457. Caused fuzzer problems on travis not seen when this was a PR!
-
Daniel Stenberg authored
Avoids undefined behavior. Reported-by: Geeknik Labs
-
- Apr 23, 2018
-
-
Daniel Stenberg authored
Fixes FTP wildcard parsing when doing over a number of read buffers. Regression from f786d1f1 Reported-by: wncboy on github Fixes #2445 Closes #2519
-
Daniel Stenberg authored
... to make them better spell out what they're for.
-
Daniel Stenberg authored
-
Christian Schmitz authored
Closes #2499
-
Daniel Stenberg authored
Fuzzing has proven we can reach code in on_frame_recv with status_code not having been set, so let's detect that in run-time (instead of with assert) and error error accordingly. (This should no longer happen with the latest nghttp2) Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 Closes #2514
-
Daniel Stenberg authored
Fixes #2515 Closes #2517
-
Archangel_SDY authored
- Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't support the latter. Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 Closes https://github.com/curl/curl/pull/2504
-
Daniel Stenberg authored
This reverts commit 8fb78f9d. Unfortunately this fix introduces memory leaks I've not been able to fix in several days. Reverting this for now to get the leaks fixed.
-
- Apr 21, 2018
-
-
Jay Satiro authored
Before: -m, --max-time <time> Maximum time allowed for the transfer After: -m, --max-time <seconds> Maximum time allowed for the transfer
-
- Apr 20, 2018
-
-
Daniel Stenberg authored
When receiving REFUSED_STREAM, mark the connection for close and retry streams accordingly on another/fresh connection. Reported-by: Terry Wu Fixes #2416 Fixes #1618 Closes #2510
-
Daniel Stenberg authored
This fixes the notorious "httpc->drain_total >= data->state.drain" assert. Reported-by: Anders Bakken Fixes #1680 Closes #2509
-
Daniel Stenberg authored
It's not strictly clear if the API contract allows us to call strstr() on a string that isn't zero terminated even when we know it will find the substring, and clang's ASAN check dislikes us for it. Also added a check of the return code in case it fails, even if I can't think of a situation how that can trigger. Detected by OSS-Fuzz Closes #2513 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
-
Stephan Mühlstrasser authored
Curl_cert_hostcheck operates with the host character set, therefore the ASCII subjectAltName string retrieved with OpenSSL must be converted to the host encoding before comparison. Closes #2493
-
Jay Satiro authored
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: <iz8mbw@users.noreply.github.com> Fixes https://github.com/curl/curl/issues/2403
-
- Apr 19, 2018
-
-
Daniel Stenberg authored
Regression from f786d1f1 Reported-by: wncboy on github Fixes #2445 Closes #2508
-
Daniel Stenberg authored
-
Daniel Stenberg authored
This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen. Detected by OSS-Fuzz Closes #2507 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
-
- Apr 18, 2018
-
-
Dan McNulty authored
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
-
- Apr 17, 2018
-
-
Jay Satiro authored
- Fix warning 'integer from pointer without a cast' on 3rd arg in CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer type of the same size. Follow-up to e35b0256. Caught by Marc's CI builds.
-
Jakub Wilk authored
Closes https://github.com/curl/curl/pull/2503
-
Daniel Stenberg authored
-