From dbc6fe3e84a592bf69f140311a79c9116e561ad8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 15 Nov 2008 23:47:01 +0000 Subject: [PATCH] my recent changes --- CHANGES | 13 +++++++++++++ RELEASE-NOTES | 6 ++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 8bc8ee142..99cd29ceb 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,19 @@ Changelog +Daniel Stenberg (16 Nov 2008) +- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c + - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do + for example -O on a url with a file name part longer than PATH_MAX letters + +- lib/nss.c fixes based on the report by Jim Meyering: I went over and added + checks for return codes for all calls to malloc and strdup that were + missing. I also changed a few malloc(13) to use arrays on the stack and a + few malloc(PATH_MAX) to instead use aprintf() to lower memory use. + +- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is + in use. + Daniel Fandrich (14 Nov 2008) - Added .xml as one of the few common file extensions known by the multipart form generator. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 310df78f3..6383f765e 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -13,7 +13,9 @@ This release includes the following changes: This release includes the following bugfixes: - o + o fixed several calls to memory functions that didn't check return codes + o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was + used This release includes the following known bugs: @@ -26,6 +28,6 @@ Other curl-related news: This release would not have looked like this without help, code, reports and advice from friends like these: - + Yang Tse, Daniel Fandrich, Jim Meyering Thanks! (and sorry if I forgot to mention someone)