1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-04 18:38:03 -05:00
Commit Graph

22281 Commits

Author SHA1 Message Date
Daniel Stenberg
5d7952f52e url: fix buffer overwrite with file protocol (CVE-2017-9502)
Bug: https://github.com/curl/curl/issues/1540
Advisory: https://curl.haxx.se/docs/adv_20170614.html

Assisted-by: Ray Satiro
Reported-by: Marcel Raad
2017-06-13 09:34:20 +02:00
Daniel Stenberg
5fa028e508 urlglob: fix division by zero
The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.

Reported-by: GwanYeong Kim
2017-06-13 09:25:45 +02:00
Daniel Stenberg
f6dff827d3 configure: update the copyright year in the output 2017-06-12 08:42:30 +02:00
ygrek
ab1f4eb011 BINDINGS: update SP-Forth and OCaml urls 2017-06-12 00:43:20 +02:00
Michael Kaufmann
e8fecf2614 FindWin32CACert: Use a temporary buffer on the stack
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad

Closes #1548
2017-06-11 17:32:02 +02:00
Dan Fandrich
916ec30a92 test1521: fixed OOM handling 2017-06-11 11:49:31 +02:00
Daniel Stenberg
4024a0b93b RELEASE-PROCEDURE: updated future release dates 2017-06-09 15:58:51 +02:00
Paul Harris
15b7b85759 gitignore: ignore all vim swap files
Closes #1561
2017-06-09 11:30:05 +02:00
Daniel Stenberg
b94a2cdfe6 lib1521: fix compiler warnings on the use of bad 'long' values
Reported-by: Marcel Raad
Bug: cccac4fb2b (commitcomment-22453387)
2017-06-09 01:02:12 +02:00
Daniel Stenberg
844896d064 setopt: check CURLOPT_ADDRESS_SCOPE option range
... and return error instead of triggering an assert() when being way
out of range.
2017-06-09 01:01:55 +02:00
TheAssassin
01596dbadf cmake: Fix inconsistency regarding mbed TLS include directory
Previously, one had to set MBEDTLS_INCLUDE_DIR to make CMake find the
headers, but the system complained that mbed TLS wasn't found due to
MBEDTLS_INCLUDE_DIRS (note the trailing s) was not set. This commit
attempts to fix that.

Closes https://github.com/curl/curl/pull/1541
2017-06-08 18:30:09 -04:00
Ryuichi KAWAMATA
bc164de7b3 examples/multi-uv.c: fix deprecated symbol
Closes #1557
2017-06-08 23:23:59 +02:00
Daniel Stenberg
6c59074528 asyn-ares: s/Curl_expire_latest/Curl_expire 2017-06-08 11:06:19 +02:00
Daniel Stenberg
7fffe97b78 expire: remove Curl_expire_latest()
With the introduction of expire IDs and the fact that existing timers
can be removed now and thus never expire, the concept with adding a
"latest" timer is not working anymore as it risks to not expire at all.

So, to be certain the timers actually are in line and will expire, the
plain Curl_expire() needs to be used. The _latest() function was added
as a sort of shortcut in the past that's quite simply not necessary
anymore.

Follow-up to 31b39c40cf

Reported-by: Paul Harris

Closes #1555
2017-06-08 10:50:47 +02:00
Chris Carlmar
165b7f5099 configure: fix link with librtmp when specifying path
Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html
2017-06-07 23:34:24 +02:00
Daniel Stenberg
68c6dcb2cb file: make speedcheck use current time for checks
... as it would previously just get the "now" timestamp before the
transfer starts and then not update it again.

Closes #1550
2017-06-07 23:01:09 +02:00
Daniel Stenberg
f7ee701c61 metalink: remove unused printf() argument 2017-06-07 14:35:26 +02:00
Daniel Stenberg
e100afb4d8 travis: let some builds *not* use --enable-debug
typecheck-gcc and other things require optimized builds

Closes #1544
2017-06-06 14:40:57 +02:00
Daniel Stenberg
bacb909e13 README.md: show the coverall coverage on github 2017-06-06 14:40:57 +02:00
Daniel Stenberg
de0adda78c lib1521: fix compiler warnings 2017-06-06 00:21:38 +02:00
Daniel Stenberg
798b2e1964 test1521: make the code < 80 columns wide 2017-06-05 15:21:26 +02:00
Daniel Stenberg
38125e7f7e test1121: use stricter types to work with typcheck-gcc 2017-06-05 14:56:32 +02:00
Daniel Stenberg
b8085f493a typecheck-gcc: allow CURLOPT_STDERR to be NULL too 2017-06-05 14:56:26 +02:00
Daniel Stenberg
cccac4fb2b test1521: test *all* curl_easy_setopt options
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).

Some small changes were necessary to avoid asserts and NULL accesses
when doing this.

The perl script needs to be manually rerun when we add new options.

Closes #1543
2017-06-05 14:25:18 +02:00
Dan Fandrich
b95a07ea59 test1538: added "verbose logs" keyword
These error messages are not displayed with --disable-verbose
2017-06-05 11:26:39 +02:00
Daniel Stenberg
1573ebee8a test1262: verify ftp download with -z for "if older than this" 2017-06-05 10:33:51 +02:00
Marcel Raad
7960442730
curl_ntlm_core: use Curl_raw_toupper instead of toupper
This was the only remaining use of toupper in the entire source code.

Suggested-by: Daniel Stenberg
2017-06-05 00:27:29 +02:00
Daniel Stenberg
6b9f4f7f0f RELEASE-NOTES: synced with 65ba92650 2017-06-04 23:34:44 +02:00
Marcel Raad
892c5e4cb3
curl_ntlm_core: pass unsigned char to toupper
Otherwise, clang on Cygwin64 warns:
curl_ntlm_core.c:525:35: error: array subscript is of type 'char'
[-Werror,-Wchar-subscripts]
    dest[2 * i] = (unsigned char)(toupper(src[i]));
                                  ^~~~~~~~~~~~~~~
/usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
      (void) __CTYPE_PTR[__x]; (toupper) (__x);})
                        ^~~~
2017-06-04 16:46:03 +02:00
Mahmoud Samir Fayed
65ba92650d BINDINGS: add Ring binding
Closes https://github.com/curl/curl/pull/1539
2017-06-03 23:53:51 -04:00
Daniel Stenberg
c3ad22697c CONTRIBUTE.md: mention tests done on pull requests 2017-06-04 00:21:59 +02:00
Daniel Stenberg
7bbb78c741 travis: add coverage, distcheck and cmake builds
Closes #1534
2017-06-04 00:16:41 +02:00
Marcel Raad
a1b275a41e
libtest: fix int-in-bool-context warnings
GCC 7 complained:
‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
2017-06-03 20:18:34 +02:00
Marcel Raad
0932573e7c
libtest: fix implicit-fallthrough warnings with GCC 7 2017-06-03 20:12:23 +02:00
Marcel Raad
15136a5268
x509asn1: fix implicit-fallthrough warning with GCC 7 2017-06-03 20:10:52 +02:00
Marcel Raad
f8518059ce
curl_sasl: fix unused-variable warning
This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
as seen in the autobuilds:

curl_sasl.c:417:9: warning: unused variable 'serverdata'
[-Wunused-variable]
2017-06-03 11:59:38 +02:00
Daniel Stenberg
191349eb75 updatemanpages.pl: error out on too old git version 2017-06-03 00:45:31 +02:00
Marcel Raad
7207affe28
cyassl: define build macros before including ssl.h
cyassl/ssl.h needs the macros from cyassl/options.h, so define them
before including cyassl/ssl.h the first time, which happens in
urldata.h.
This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8
and therefore redefines the symbols from cyassl/options.h instead of
including the header.

Closes https://github.com/curl/curl/pull/1536
2017-06-03 00:39:46 +02:00
Daniel Stenberg
5233de9ac6 tool_util: remove unused tvdiff_secs and remove tool_ prefix
Closes #1532
2017-06-03 00:11:59 +02:00
Daniel Stenberg
cfd3e8f399 dedotdot: fixed output for ".." and "." only input
Found when updating test 1395, which I did to increase test coverage of
this source file...

Closes #1535
2017-06-03 00:11:51 +02:00
Marcel Raad
10e02bc36a
mbedtls: make TU-local variable static
mbedtls_x509_crt_profile_fr is only used locally.
This fixes a missing-variable-declarations warning with clang.
2017-06-02 22:05:01 +02:00
Marcel Raad
769890c7e2
MD(4|5): silence cast-align clang warning
Unaligned access is on purpose here and the warning is harmless on
affected architectures. GCC knows that, while clang warns on all
architectures.
2017-06-02 21:58:48 +02:00
Daniel Stenberg
61d4870dc9 test1538: fix typo 2017-06-02 15:52:59 +02:00
Daniel Stenberg
cef9c9e782 test1538: verify the libcurl strerror API calls 2017-06-02 13:52:55 +02:00
Daniel Stenberg
4ba20a5119 curl_endian: remove unused functions
Closes #1529
2017-06-02 13:30:41 +02:00
Daniel Stenberg
9b2dfe88bb test1537: dedicated tests of the URL (un)escape API calls
Closes #1530
2017-06-02 13:16:18 +02:00
Daniel Stenberg
b5e143e7a5 coverage: run event tests too
... the torture ones are commented out only because they are slooooow.
2017-06-02 13:15:06 +02:00
Daniel Stenberg
f6e0f4556e build: provide easy code coverage measuring
Closes #1528
2017-06-02 13:15:06 +02:00
Daniel Stenberg
efc7c1d86f typecheck-gcc.h: check CURLINFO_CERTINFO
... and update the certinfo.c example accordingly.

Fixes https://github.com/curl/curl/issues/846
2017-06-01 21:06:09 +02:00
Daniel Stenberg
4eafc6c249 typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
... so that they get the required "struct curl_tlssessioninfo **"
arguments.
2017-06-01 21:06:09 +02:00