Max Dymond
f786d1f143
ftplistparser: free off temporary memory always
...
When using the FTP list parser, ensure that the memory that's
allocated is always freed.
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013
2017-10-25 18:44:47 +02:00
Daniel Stenberg
b9d25f9a6b
timediff: return timediff_t from the time diff functions
...
... to cater for systems with unsigned time_t variables.
- Renamed the functions to curlx_timediff and Curl_timediff_us.
- Added overflow protection for both of them in either direction for
both 32 bit and 64 bit time_ts
- Reprefixed the curlx_time functions to use Curl_*
Reported-by: Peter Piekarski
Fixes #2004
Closes #2005
2017-10-25 09:54:37 +02:00
Paul Howarth
016c6a6abb
libtest: Add required test libraries for lib1552 and lib1553
...
They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.
This fixes build failures on Fedora 13.
Closes #2006
2017-10-24 13:29:31 +02:00
Alessandro Ghedini
7408570bf0
libcurl-tutorial.3: fix typo
...
closes #2008
2017-10-24 13:27:41 +02:00
Alessandro Ghedini
f6535791fa
curl_mime_filedata.3: fix typos
2017-10-23 23:23:23 +01:00
Daniel Stenberg
6746f8aa97
RELEASE-NOTES: clean slate towards 7.57.0
2017-10-23 13:33:04 +02:00
Max Dymond
2de63ab179
travis: exit if any steps fail
...
We don't expect any steps to fail in travis. Exit the script if they do.
Closes #1966
2017-10-23 08:59:38 +02:00
Daniel Stenberg
c514af5a4f
RELEASE-NOTES: 7.56.1
2017-10-23 07:51:20 +02:00
Daniel Stenberg
adbfb42889
THANKS: update at 7.56.1 release time
2017-10-23 07:51:20 +02:00
Jon DeVree
fdd879d549
mk-ca-bundle: Remove URL for aurora
...
Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
2017-10-22 23:38:31 +02:00
Jon DeVree
f571651a0d
mk-ca-bundle: Fix URL for NSS
...
The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.
Closes #1998
2017-10-22 23:38:23 +02:00
Daniel Stenberg
13c9a9ded3
imap: if a FETCH response has no size, don't call write callback
...
CVE-2017-1000257
Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
2017-10-22 16:02:43 +02:00
Daniel Stenberg
769647e714
ftp: reject illegal IP/port in PASV 227 response
...
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.
Closes #1997
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-20 15:06:25 +02:00
Patrick Monnerat
8351ab4510
test653: check reuse of easy handle after mime data change
...
See issue #1999
2017-10-20 14:01:14 +01:00
Patrick Monnerat
cea27d3454
mime: do not reuse previously computed multipart size
...
The contents might have changed: size must be recomputed.
Reported-by: moteus on github
Fixes #1999
2017-10-20 13:57:12 +01:00
Patrick Monnerat
aeaa22de8e
test308: disable if MultiSSL feature enabled
...
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
2017-10-19 20:16:05 +01:00
Patrick Monnerat
7363d5a928
runtests: support MultiSSL client feature
2017-10-19 20:15:21 +01:00
Patrick Monnerat
8aee8a6a2d
vtls: change struct Curl_ssl close' field name to
close_one'.
...
On OS/400, `close' is an ASCII system macro that corrupts the code if
not used in a context not targetting the close() system API.
2017-10-19 19:55:17 +01:00
Patrick Monnerat
a4fc19eb4d
os400: add missing symbols in config file.
...
Also adjust makefile to renamed files and warn about installation dirs mix-up.
2017-10-19 18:48:21 +01:00
Patrick Monnerat
34def509ef
test652: curl_mime_data + base64 encoder with large contents
2017-10-19 18:37:19 +01:00
Patrick Monnerat
a8742efe42
mime: limit bas64-encoded lines length to 76 characters
2017-10-19 18:33:27 +01:00
Daniel Stenberg
2509395ecf
RELEASE-NOTES: synced with f121575c0
2017-10-16 11:07:30 +02:00
Daniel Stenberg
f121575c0b
setopt: range check most long options
...
... filter early instead of risking "funny values" having to be dealt
with elsewhere.
2017-10-16 09:23:33 +02:00
Daniel Stenberg
172ce9cc19
setopt: avoid integer overflows when setting millsecond values
...
... that are multiplied by 1000 when stored.
For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.
Also updated the man pages for these timeout options to mention the
return code.
Closes #1938
2017-10-16 09:23:19 +02:00
Viktor Szakats
4440b6ad57
makefile.m32: allow to override gcc, ar and ranlib
...
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:
CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib
Closes https://github.com/curl/curl/pull/1993
2017-10-15 19:42:32 +00:00
Viktor Szakats
748f5301c0
ldap: silence clang warning
...
Use memset() to initialize a structure to avoid LLVM/Clang warning:
ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]
Closes https://github.com/curl/curl/pull/1992
2017-10-15 15:59:43 +00:00
Daniel Stenberg
ed0b6b18f6
runtests: use valgrind for torture as well
...
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
2017-10-14 17:40:21 +02:00
Daniel Stenberg
ad164eceb3
memdebug: trace send, recv and socket
...
... to allow them to be included in torture tests too.
closes #1980
2017-10-14 17:40:12 +02:00
Daniel Stenberg
4af3c777a9
configure: remove the C++ compiler check
...
... we used it only for the fuzzer, which we now have in a separate git
repo.
Closes #1990
2017-10-14 17:30:42 +02:00
Patrick Monnerat
d7e4230538
mime: do not call failf() if easy handle is NULL.
2017-10-13 17:16:57 +01:00
Daniel Stenberg
10a659dbf6
test651: curl_formadd with huge COPYCONTENTS
2017-10-13 07:55:47 +02:00
Daniel Stenberg
5f9e2ca09b
mime: fix the content reader to handle >16K data properly
...
Reported-by: Jeroen Ooms
Closes #1988
2017-10-13 07:55:10 +02:00
Patrick Monnerat
0401734dfd
mime: keep "text/plain" content type if user-specified.
...
Include test cases in 554, 587, 650.
Fixes https://github.com/curl/curl/issues/1986
2017-10-12 19:36:16 +01:00
Patrick Monnerat
56509055d2
cli tool: use file2memory() to buffer stdin in -F option.
...
Closes PR https://github.com/curl/curl/pull/1985
2017-10-12 16:42:02 +01:00
Patrick Monnerat
665b3e48bc
cli tool: reimplement stdin buffering in -F option.
...
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.
--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.
Buffering is not supported in deprecated curl_formadd() API.
2017-10-12 14:25:59 +01:00
Daniel Stenberg
f64c05278e
winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
2017-10-12 13:54:00 +02:00
Daniel Stenberg
46ffcd07cb
HELP-US: the label "PR-welcome" is now renamed to "help wanted"
...
following the new github "standard"
2017-10-12 09:50:52 +02:00
Daniel Stenberg
35ad79dcdd
RELEASE-NOTES: synced with 5505df7d2
2017-10-11 12:07:29 +02:00
Artak Galoyan
5505df7d24
url: Update current connection SSL verify params in setopt
...
Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
connection updates the current connection's (i.e.'connectdata'
structure) appropriate ssl_config (and ssl_proxy_config) structures
variables, making these options effective for ongoing connection.
This functionality was available before and was broken by the
following change:
"proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
CommitId: cb4e2be7c6
.
Bug: https://github.com/curl/curl/issues/1941
Closes https://github.com/curl/curl/pull/1951
2017-10-11 03:14:26 -04:00
David Benjamin
de7597f155
openssl: don't use old BORINGSSL_YYYYMM macros
...
Those were temporary things we'd add and remove for our own convenience
long ago. The last few stayed around for too long as an oversight but
have since been removed. These days we have a running
BORINGSSL_API_VERSION counter which is bumped when we find it
convenient, but 2015-11-19 was quite some time ago, so just check
OPENSSL_IS_BORINGSSL.
Closes #1979
2017-10-11 08:12:19 +02:00
Daniel Stenberg
06bba26e37
test950; verify SMTP with custom request
2017-10-10 23:00:53 +02:00
Daniel Stenberg
b20df57326
ftpserver: support case insensitive commands
2017-10-10 23:00:52 +02:00
Daniel Stenberg
38ab7b4ccb
smtp_done: free data before returning (on send failure)
...
... as otherwise it could leak that memory.
Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
Assisted-by: Max Dymond
Closes #1977
2017-10-10 22:56:50 +02:00
Daniel Stenberg
ecf21c551f
FTP: URL decode path for dir listing in nocwd mode
...
Reported-by: Zenju on github
Test 244 added to verify
Fixes #1974
Closes #1976
2017-10-10 15:02:38 +02:00
Daniel Stenberg
00fb811e2b
test298: verify --ftp-method nowcwd with URL encoded path
...
Ref: #1974
2017-10-09 22:50:40 +02:00
Daniel Stenberg
f8e593887e
CURLOPT_XFERINFODATA.3: fix duplicate see also
2017-10-09 16:24:36 +02:00
Daniel Stenberg
d895a83a3b
CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
2017-10-09 16:24:19 +02:00
Daniel Stenberg
7f555dc5a4
FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
2017-10-09 16:13:27 +02:00
Daniel Stenberg
62a721ea47
openssl: enable PKCS12 support for !BoringSSL
...
Enable PKCS12 for all non-boringssl builds without relying on configure
or cmake checks.
Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948
2017-10-09 11:29:53 +02:00
Kristiyan Tsaklev
c95c92da75
curl: don't pass semicolons when parsing Content-Disposition
...
Test 1422 updated to verify.
Closes #1964
2017-10-09 10:37:27 +02:00