moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
15,685 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

55 Commits

Author SHA1 Message Date
Yang Tse 13606bbfde build: make use of 93 lib/*.c renamed files 
93 *.c source files renamed to use our standard naming scheme.

This change affects 77 files in libcurl's source tree.
 2013-01-03 05:50:26 +01:00
Yang Tse f871de0064 build: make use of 76 lib/*.h renamed files 
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
 2012-12-28 19:37:11 +01:00
Daniel Stenberg 75ca568fa1 URL sanitize: reject URLs containing bad data 
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
 2012-01-24 08:54:26 +01:00
Yang Tse f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Yang Tse 30c9799f72 compiler warning: fix 
Fix compiler warning: expression has no effect
 2011-05-23 16:55:09 +02:00
Daniel Stenberg b903186fa0 source cleanup: unify look, style and indent levels 
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
 2011-04-27 09:09:35 +02:00
Daniel Stenberg c828646f60 CURL_DOES_CONVERSIONS: cleanup 
Massively reduce #ifdefs all over (23 #ifdef lines less so far)
Moved conversion-specific code to non-ascii.c
 2011-04-20 00:50:07 +02:00
Daniel Stenberg 5df13c3173 curl_easy_escape: don't escape "unreserved" characters 
According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be
percent-encoded.

Reported by: Miguel Diaz
Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html
 2010-09-28 23:49:32 +02:00
Daniel Stenberg 2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse 5695c4db86 fix compiler warning 2010-02-24 00:03:06 +00:00
Daniel Stenberg 33ce0ec1f1 wrap long lines and do some indent policing 2010-01-22 23:21:39 +00:00
Yang Tse 33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Dan Fandrich 95456b8e78 Added const to some pointer variables 2008-10-08 01:17:51 +00:00
Dan Fandrich c98ab69cc7 Factored out Curl_isalnum 2008-09-09 21:15:50 +00:00
Daniel Stenberg cbd1a77ec2 if () => if() 
while () => while()
and some other minor re-indentings
 2007-11-07 09:21:35 +00:00
Daniel Stenberg ec08e2f9f2 Alex Fishman reported a curl_easy_escape() problem that was made the 
function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
signed / unsigned mistake in the code. I fixed it and added test case 543 to
verify.
 2007-09-30 22:40:24 +00:00
Dan Fandrich 523767660c Fixed some minor mismatched types found by splint. 2007-08-26 05:53:26 +00:00
Daniel Stenberg 1926f4573d Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on 
non-ASCII systems.
 2007-08-04 20:47:59 +00:00
Daniel Stenberg 44d84ac164 Avoid typecasting a signed char to an int when using is*() functions, as that 
could very well cause a negate number get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
does some extra crazy typecasts to avoid byte codes > 127 to cause negative
int values.
 2006-10-17 21:32:56 +00:00
Daniel Stenberg 5a4b43848a First commit of David McCreedy's EBCDIC and TPF changes. 2006-04-07 21:50:47 +00:00
Daniel Stenberg 090b89cc76 Variable type cleanups to please the picky MIPSPro compiler. 2004-07-01 08:10:21 +00:00
Daniel Stenberg cf10df6c68 include header for our printfs 2004-06-24 14:35:45 +00:00
Daniel Stenberg feb2dd2835 Replaced all uses of sprintf() with the safer snprintf(). It is just a 
precaution to prevent mistakes to lead to buffer overflows.
 2004-06-24 11:54:11 +00:00
Daniel Stenberg 5bf02b16a0 curl_free() doesn't free(NULL) but just returns 2004-05-13 15:16:36 +00:00
Daniel Stenberg c123676825 return NULL on out of memory 2004-05-12 13:04:30 +00:00
Daniel Stenberg bbafb2eb27 curl_global_init_mem() allows the memory functions to be replaced. 
memory.h is included everywhere for this.
 2004-05-11 11:30:23 +00:00
Daniel Stenberg a684c51c9b size_t/int/long fixes 2004-03-08 08:38:29 +00:00
Daniel Stenberg 4d17d6876e Dan Fandrich's cleanup patch to make pedantic compiler options cause less 
warnings. Minor edits by me.
 2004-01-29 13:56:45 +00:00
Daniel Stenberg 053f6c85ef updated year in the copyright string 2004-01-07 09:19:33 +00:00
Daniel Stenberg 2bd71d70ff use CURLDEBUG instead of MALLOCDEBUG 2003-06-26 06:50:32 +00:00
Daniel Stenberg 2356325592 David Balazic pointed out the lack of checks for a valid %XX code when 
we unescape a string. We now check and decode only valid %XX strings.
 2003-05-21 15:53:59 +00:00
Daniel Stenberg a7c72b7abf removed the local variables for emacs and vim, use the new sample.emacs 
way for emacs, and vim users should provide a similar non-polluting style
 2003-01-29 10:14:20 +00:00
Daniel Stenberg f26a338a54 copyright year update in the source header 2003-01-16 21:08:12 +00:00
Jean-Philippe Barette-LaPierre 6a7e53a7c7 fixed a very, very rare and very, very little memory leak 2003-01-08 02:27:47 +00:00
Daniel Stenberg 6883f0c49f Walter J. Mack added curl_free 2002-09-25 12:26:07 +00:00
Daniel Stenberg ba4e69bebc updated source code boilerplate/header 2002-09-03 11:52:59 +00:00
Daniel Stenberg 2f8e7f56b3 ignore '+' in URLs, generate only %-codes 2002-06-26 07:15:31 +00:00
Daniel Stenberg 974f314f57 copyright string (year) update 2002-03-19 07:54:55 +00:00
Sterling Hughes 8e91d5de8e looks nicer and is better compatible with older vim versions 2001-10-11 09:32:19 +00:00
Sterling Hughes 6147879837 Added formatting sections for emacs and vim 2001-09-07 04:01:32 +00:00
Daniel Stenberg 08655d8d5d Georg Huettenegger's patch curl-7.8.1-pre5-patch-20010819 2001-08-21 13:18:07 +00:00
Daniel Stenberg 7b4b166718 added typecasts when converting from unsigned int to int 2001-08-14 08:20:17 +00:00
Daniel Stenberg 2827f5327a curl_escape() no longer attempts to detect already encoded stuff (in order 
not to re-encode it).
 2001-08-05 12:34:07 +00:00
Daniel Stenberg 84e71e1c50 Andrés García fixed curl_escape() 2001-04-07 18:35:28 +00:00
Daniel Stenberg 58085dbbf6 Jim Drash suggested and I made it not encode what looks like an already 
encoded letter (in curl_escape)
 2001-03-22 18:06:08 +00:00
Daniel Stenberg f8d883355d the new escape/unescape function setup 2001-03-22 11:40:58 +00:00
Daniel Stenberg 0dc8c4d451 use unsigned int hex to receive the hex digit in, caused a warning with 
-Wall and a new gcc
 2001-03-09 15:11:39 +00:00
Daniel Stenberg 24dee483e9 dual-license fix 2001-01-03 09:29:33 +00:00
Daniel Stenberg b734bc37eb curl_unescape() did not stop at the set length properly when %-codes were 
used
 2000-11-21 19:01:53 +00:00
Daniel Stenberg 0f8facb49b added memory debugging include file 2000-10-09 11:12:34 +00:00