Daniel Stenberg
9069838b30
security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09 08:14:34 +02:00
Thomas Vegas
facb0e4662
tftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
2019-09-09 08:14:34 +02:00
Thomas Vegas
82f3ba3806
tftp: return error when packet is too small for options
2019-09-09 08:14:34 +02:00
Daniel Stenberg
0f37c8df12
KNOWN_BUGS/TODO: cleanup and remove outdated issues
2019-09-05 14:40:18 +02:00
Daniel Stenberg
04ac67a471
RELEASE-NOTES: synced
2019-09-04 11:17:14 +02:00
Daniel Stenberg
158dcb9f86
netrc: free 'home' on error
Follow-up to f9c7ba9096
Coverity CID 1453474
Closes #4291
2019-09-03 23:00:51 +02:00
Daniel Stenberg
4ac2884003
urldata: avoid 'generic', use dedicated pointers
For the 'proto' union within the connectdata struct.
Closes #4290
2019-09-03 23:00:51 +02:00
Daniel Stenberg
5050edb124
cleanup: move functions out of url.c and make them static
Closes #4289
2019-09-03 13:11:12 +02:00
Daniel Stenberg
4d0306c698
smtp: check for and bail out on too short EHLO response
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
Closes #4287
2019-09-03 08:25:23 +02:00
Daniel Stenberg
198b73d12c
smb: init *msg to NULL in smb_send_and_recv()
... it might otherwise return OK from this function leaving that pointer
uninitialized.
Bug: https://crbug.com/oss-fuzz/16907
Closes #4286
2019-09-02 23:06:48 +02:00
Daniel Stenberg
82a2168e61
ROADMAP: updated after recent user poll
In rough prio order
2019-09-02 09:49:31 +02:00
Daniel Stenberg
62ffab9dcb
THANKS: remove duplicate
2019-08-31 12:10:36 +02:00
Daniel Stenberg
84ced9389e
Curl_addr2string: take an addrlen argument too
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.
Bug: https://crbug.com/oss-fuzz/16699
Closes #4283
2019-08-31 11:41:56 +02:00
Rolf Eike Beer
cd68dfe831
CMake: remove needless newlines at end of gss variables
2019-08-31 11:40:10 +02:00
Rolf Eike Beer
d05cee4b3a
CI: remove duplicate configure flag for LGTM.com
2019-08-31 11:40:09 +02:00
Rolf Eike Beer
3e7769a580
CMake: use platform dependent name for dlopen() library
Closes #4279
2019-08-31 11:39:47 +02:00
Daniel Stenberg
c30aff4f88
quiche: expire when poll returned data
... to make sure we continue draining the queue until empty
Closes #4281
2019-08-30 17:41:16 +02:00
Daniel Stenberg
4d9e324771
quiche: decrease available buffer size, don't assign it!
Found-by: Jeremy Lainé
2019-08-30 17:41:11 +02:00
Daniel Stenberg
db8f760319
RELEASE-NOTES: synced
2019-08-29 23:43:44 +02:00
lufia
4a90c5b82e
curl: fix include conditions
2019-08-29 19:25:09 +02:00
lufia
05856dae9c
plan9: fix installation instructions
Closes #4276
2019-08-29 19:24:59 +02:00
Daniel Stenberg
7bac3135df
ngtcp2: on h3 stream close, call expire
... to trigger a new read to detect the stream close!
Closes #4275
2019-08-29 19:23:52 +02:00
Tatsuhiro Tsujikawa
484b6f345f
ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl
Closes #4278
2019-08-29 19:22:16 +02:00
Daniel Stenberg
0690b3330c
ngtcp2: set flow control window to stream buffer size
Closes #4274
2019-08-28 14:37:19 +02:00
Christopher Head
ff2bbfb637
CURLOPT_HEADERFUNCTION.3: clarify
Closes #4273
2019-08-28 08:52:29 +02:00
Daniel Stenberg
44c9884552
CURLINFO docs: mention that in redirects times are added
Suggested-by: Brandon Dong
Fixes #4250
Closes #4269
2019-08-28 00:03:12 +02:00
Daniel Stenberg
ca06013ed4
travis: enable ngtcp2 builds again
Switched to the openssl-quic-draft-22 openssl branch.
Closes #4271
2019-08-28 00:03:12 +02:00
Daniel Stenberg
e93d7c3e90
HTTP3: switched openssl branch to use
2019-08-27 17:07:47 +02:00
Tatsuhiro Tsujikawa
5b3be0729c
ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl
Closes #4270
2019-08-27 16:31:19 +02:00
Daniel Stenberg
c1b6a384f9
http2: when marked for closure and wanted to close == OK
It could otherwise return an error even when closed correctly if GOAWAY
had been received previously.
Reported-by: Tom van der Woerdt
Fixes #4267
Closes #4268
2019-08-26 22:44:59 +02:00
Daniel Stenberg
5cd0b6f1f3
RELEASE-NOTES: synced
2019-08-26 14:45:41 +02:00
Daniel Stenberg
c661d731be
build-openssl: fix build with Visual Studio 2019
Reviewed-by: Marcel Raad
Contributed-by: osabc on github
Fixes #4188
Closes #4266
2019-08-26 14:34:26 +02:00
Kamil Dudka
7e513c1048
vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure
This is a follow-up to https://github.com/curl/curl/pull/3864 .
Closes #4224
2019-08-26 13:43:21 +02:00
Daniel Stenberg
cac07fb639
KNOWN_BUGS: USE_UNIX_SOCKETS on Windows
Closes #4040
2019-08-26 12:11:29 +02:00
Daniel Stenberg
48f589893d
quiche: send the HTTP body correctly on callback uploads
Closes #4265
2019-08-26 11:31:39 +02:00
Daniel Stenberg
b0d41faeaa
travis: disable ngtcp2 builds (temporarily)
Just too many API changes right now
Closes #4264
2019-08-26 11:31:38 +02:00
Daniel Stenberg
aae22fdbd5
ngtcp2: add support for SSLKEYLOGFILE
Closes #4260
2019-08-25 23:29:46 +02:00
Daniel Stenberg
30a606e066
ngtcp2: improve h3 response receiving
Closes #4259
2019-08-25 23:29:43 +02:00
Daniel Stenberg
b959c2f775
ngtcp2: use nghttp3_version()
2019-08-25 23:18:17 +02:00
Daniel Stenberg
ff4ef390f6
ngtcp2: sync with upstream API changes
Assisted-by: Tatsuhiro Tsujikawa
2019-08-25 23:18:14 +02:00
Kyle Abramowitz
25f9621935
scp: fix directory name length used in memcpy
Fix read off end of array due to bad pointer math in getworkingpath for
SCP home directory case.
Closes #4258
2019-08-24 18:47:56 +02:00
Daniel Stenberg
65fda739ee
http: the 'closed' struct field is used by both ngh2 and ngh3
and remove 'header_recvbuf', not used for anything
Reported-by: Jeremy Lainé
Closes #4257
2019-08-24 17:21:41 +02:00
Daniel Stenberg
0a5d28fa2e
ngtcp2: accept upload via callback
Closes #4256
2019-08-23 22:33:29 +02:00
Daniel Stenberg
32d64b2e87
defines: avoid underscore-prefixed defines
Double-underscored or underscore plus uppercase letter at least.
... as they're claimed to be reserved.
Reported-by: patnyb on github
Fixes #4254
Closes #4255
2019-08-23 11:47:57 +02:00
Daniel Stenberg
95507f1dc8
travis: add a build using ngtcp2 + nghttp3 (and a patched OpenSSL)
Runs no tests
Closes #4253
2019-08-22 09:03:30 +02:00
Daniel Stenberg
7037891fa3
travis: bump to using nghttp2 version 1.39.2
Closes #4252
2019-08-21 11:33:31 +02:00
Gisle Vanem
216dd886e7
docs/examples/curlx: fix errors
Initialise 'mimetype' and require the -p12 arg.
Closes #4248
2019-08-21 09:48:00 +02:00
Daniel Stenberg
e59540139a
cleanup: remove DOT_CHAR completely
Follow-up to f9c7ba9096
The use of DOT_CHAR for ".ssh" was probably a mistake and is removed
now.
Pointed-out-by: Gisle Vanem
Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638
Closes #4247
2019-08-20 23:07:59 +02:00
Daniel Stenberg
23803aae7b
spnego_sspi: add typecast to fix build warning
Reported in build "Win32 target on Debian Stretch (64-bit) -
i686-w64-mingw32 - gcc-20170516"
Closes #4245
2019-08-20 23:06:19 +02:00
Daniel Stenberg
3e8a9bfd17
openssl: build warning free with boringssl
Closes #4244
2019-08-20 19:55:06 +02:00