Daniel Stenberg
5d7952f52e
url: fix buffer overwrite with file protocol (CVE-2017-9502)
...
Bug: https://github.com/curl/curl/issues/1540
Advisory: https://curl.haxx.se/docs/adv_20170614.html
Assisted-by: Ray Satiro
Reported-by: Marcel Raad
2017-06-13 09:34:20 +02:00
Daniel Stenberg
5fa028e508
urlglob: fix division by zero
...
The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.
Reported-by: GwanYeong Kim
2017-06-13 09:25:45 +02:00
Daniel Stenberg
f6dff827d3
configure: update the copyright year in the output
2017-06-12 08:42:30 +02:00
ygrek
ab1f4eb011
BINDINGS: update SP-Forth and OCaml urls
2017-06-12 00:43:20 +02:00
Michael Kaufmann
e8fecf2614
FindWin32CACert: Use a temporary buffer on the stack
...
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.
Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #1548
2017-06-11 17:32:02 +02:00
Dan Fandrich
916ec30a92
test1521: fixed OOM handling
2017-06-11 11:49:31 +02:00
Daniel Stenberg
4024a0b93b
RELEASE-PROCEDURE: updated future release dates
2017-06-09 15:58:51 +02:00
Paul Harris
15b7b85759
gitignore: ignore all vim swap files
...
Closes #1561
2017-06-09 11:30:05 +02:00
Daniel Stenberg
b94a2cdfe6
lib1521: fix compiler warnings on the use of bad 'long' values
...
Reported-by: Marcel Raad
Bug: cccac4fb2b (commitcomment-22453387)
2017-06-09 01:02:12 +02:00
Daniel Stenberg
844896d064
setopt: check CURLOPT_ADDRESS_SCOPE option range
...
... and return error instead of triggering an assert() when being way
out of range.
2017-06-09 01:01:55 +02:00
TheAssassin
01596dbadf
cmake: Fix inconsistency regarding mbed TLS include directory
...
Previously, one had to set MBEDTLS_INCLUDE_DIR to make CMake find the
headers, but the system complained that mbed TLS wasn't found due to
MBEDTLS_INCLUDE_DIRS (note the trailing s) was not set. This commit
attempts to fix that.
Closes https://github.com/curl/curl/pull/1541
2017-06-08 18:30:09 -04:00
Ryuichi KAWAMATA
bc164de7b3
examples/multi-uv.c: fix deprecated symbol
...
Closes #1557
2017-06-08 23:23:59 +02:00
Daniel Stenberg
6c59074528
asyn-ares: s/Curl_expire_latest/Curl_expire
2017-06-08 11:06:19 +02:00
Daniel Stenberg
7fffe97b78
expire: remove Curl_expire_latest()
...
With the introduction of expire IDs and the fact that existing timers
can be removed now and thus never expire, the concept with adding a
"latest" timer is not working anymore as it risks to not expire at all.
So, to be certain the timers actually are in line and will expire, the
plain Curl_expire() needs to be used. The _latest() function was added
as a sort of shortcut in the past that's quite simply not necessary
anymore.
Follow-up to 31b39c40cf
Reported-by: Paul Harris
Closes #1555
2017-06-08 10:50:47 +02:00
Chris Carlmar
165b7f5099
configure: fix link with librtmp when specifying path
...
Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html
2017-06-07 23:34:24 +02:00
Daniel Stenberg
68c6dcb2cb
file: make speedcheck use current time for checks
...
... as it would previously just get the "now" timestamp before the
transfer starts and then not update it again.
Closes #1550
2017-06-07 23:01:09 +02:00
Daniel Stenberg
f7ee701c61
metalink: remove unused printf() argument
2017-06-07 14:35:26 +02:00
Daniel Stenberg
e100afb4d8
travis: let some builds *not* use --enable-debug
...
typecheck-gcc and other things require optimized builds
Closes #1544
2017-06-06 14:40:57 +02:00
Daniel Stenberg
bacb909e13
README.md: show the coverall coverage on github
2017-06-06 14:40:57 +02:00
Daniel Stenberg
de0adda78c
lib1521: fix compiler warnings
2017-06-06 00:21:38 +02:00
Daniel Stenberg
798b2e1964
test1521: make the code < 80 columns wide
2017-06-05 15:21:26 +02:00
Daniel Stenberg
38125e7f7e
test1121: use stricter types to work with typcheck-gcc
2017-06-05 14:56:32 +02:00
Daniel Stenberg
b8085f493a
typecheck-gcc: allow CURLOPT_STDERR to be NULL too
2017-06-05 14:56:26 +02:00
Daniel Stenberg
cccac4fb2b
test1521: test *all* curl_easy_setopt options
...
mk-lib1521.pl generates a test program (lib1521.c) that calls
curl_easy_setopt() for every known option with a few typical values to
make sure they work (ignoring the return codes).
Some small changes were necessary to avoid asserts and NULL accesses
when doing this.
The perl script needs to be manually rerun when we add new options.
Closes #1543
2017-06-05 14:25:18 +02:00
Dan Fandrich
b95a07ea59
test1538: added "verbose logs" keyword
...
These error messages are not displayed with --disable-verbose
2017-06-05 11:26:39 +02:00
Daniel Stenberg
1573ebee8a
test1262: verify ftp download with -z for "if older than this"
2017-06-05 10:33:51 +02:00
Marcel Raad
7960442730
curl_ntlm_core: use Curl_raw_toupper instead of toupper
...
This was the only remaining use of toupper in the entire source code.
Suggested-by: Daniel Stenberg
2017-06-05 00:27:29 +02:00
Daniel Stenberg
6b9f4f7f0f
RELEASE-NOTES: synced with 65ba92650
2017-06-04 23:34:44 +02:00
Marcel Raad
892c5e4cb3
curl_ntlm_core: pass unsigned char to toupper
...
Otherwise, clang on Cygwin64 warns:
curl_ntlm_core.c:525:35: error: array subscript is of type 'char'
[-Werror,-Wchar-subscripts]
dest[2 * i] = (unsigned char)(toupper(src[i]));
^~~~~~~~~~~~~~~
/usr/include/ctype.h:152:25: note: expanded from macro 'toupper'
(void) __CTYPE_PTR[__x]; (toupper) (__x);})
^~~~
2017-06-04 16:46:03 +02:00
Mahmoud Samir Fayed
65ba92650d
BINDINGS: add Ring binding
...
Closes https://github.com/curl/curl/pull/1539
2017-06-03 23:53:51 -04:00
Daniel Stenberg
c3ad22697c
CONTRIBUTE.md: mention tests done on pull requests
2017-06-04 00:21:59 +02:00
Daniel Stenberg
7bbb78c741
travis: add coverage, distcheck and cmake builds
...
Closes #1534
2017-06-04 00:16:41 +02:00
Marcel Raad
a1b275a41e
libtest: fix int-in-bool-context warnings
...
GCC 7 complained:
‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
2017-06-03 20:18:34 +02:00
Marcel Raad
0932573e7c
libtest: fix implicit-fallthrough warnings with GCC 7
2017-06-03 20:12:23 +02:00
Marcel Raad
15136a5268
x509asn1: fix implicit-fallthrough warning with GCC 7
2017-06-03 20:10:52 +02:00
Marcel Raad
f8518059ce
curl_sasl: fix unused-variable warning
...
This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH,
as seen in the autobuilds:
curl_sasl.c:417:9: warning: unused variable 'serverdata'
[-Wunused-variable]
2017-06-03 11:59:38 +02:00
Daniel Stenberg
191349eb75
updatemanpages.pl: error out on too old git version
2017-06-03 00:45:31 +02:00
Marcel Raad
7207affe28
cyassl: define build macros before including ssl.h
...
cyassl/ssl.h needs the macros from cyassl/options.h, so define them
before including cyassl/ssl.h the first time, which happens in
urldata.h.
This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8
and therefore redefines the symbols from cyassl/options.h instead of
including the header.
Closes https://github.com/curl/curl/pull/1536
2017-06-03 00:39:46 +02:00
Daniel Stenberg
5233de9ac6
tool_util: remove unused tvdiff_secs and remove tool_ prefix
...
Closes #1532
2017-06-03 00:11:59 +02:00
Daniel Stenberg
cfd3e8f399
dedotdot: fixed output for ".." and "." only input
...
Found when updating test 1395, which I did to increase test coverage of
this source file...
Closes #1535
2017-06-03 00:11:51 +02:00
Marcel Raad
10e02bc36a
mbedtls: make TU-local variable static
...
mbedtls_x509_crt_profile_fr is only used locally.
This fixes a missing-variable-declarations warning with clang.
2017-06-02 22:05:01 +02:00
Marcel Raad
769890c7e2
MD(4|5): silence cast-align clang warning
...
Unaligned access is on purpose here and the warning is harmless on
affected architectures. GCC knows that, while clang warns on all
architectures.
2017-06-02 21:58:48 +02:00
Daniel Stenberg
61d4870dc9
test1538: fix typo
2017-06-02 15:52:59 +02:00
Daniel Stenberg
cef9c9e782
test1538: verify the libcurl strerror API calls
2017-06-02 13:52:55 +02:00
Daniel Stenberg
4ba20a5119
curl_endian: remove unused functions
...
Closes #1529
2017-06-02 13:30:41 +02:00
Daniel Stenberg
9b2dfe88bb
test1537: dedicated tests of the URL (un)escape API calls
...
Closes #1530
2017-06-02 13:16:18 +02:00
Daniel Stenberg
b5e143e7a5
coverage: run event tests too
...
... the torture ones are commented out only because they are slooooow.
2017-06-02 13:15:06 +02:00
Daniel Stenberg
f6e0f4556e
build: provide easy code coverage measuring
...
Closes #1528
2017-06-02 13:15:06 +02:00
Daniel Stenberg
efc7c1d86f
typecheck-gcc.h: check CURLINFO_CERTINFO
...
... and update the certinfo.c example accordingly.
Fixes https://github.com/curl/curl/issues/846
2017-06-01 21:06:09 +02:00
Daniel Stenberg
4eafc6c249
typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
...
... so that they get the required "struct curl_tlssessioninfo **"
arguments.
2017-06-01 21:06:09 +02:00