moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
24,717 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

24717 Commits

Author SHA1 Message Date
Daniel Stenberg bbde0407d1
curl: make sure the parallel transfers do them all 
The logic could erroneously break the loop too early before all
transfers had been transferred.

Reported-by: Tom van der Woerdt
Fixes #4316
Closes #4317
 2019-09-10 19:45:19 +02:00
Daniel Stenberg 9637dbfffd
urlapi: one colon is enough for the strspn() input (typo) 2019-09-10 11:51:51 +02:00
Daniel Stenberg eab3c580f9
urlapi: verify the IPv6 numerical address 
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.

Reported-by: Thomas Vegas
Closes #4315
 2019-09-10 11:32:12 +02:00
Clément Notin ffe34b7b59
openssl: use SSL_CTX_set_<min|max>_proto_version() when available 
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available.  Existing code is preserved for older versions of
OpenSSL.

Closes #4304
 2019-09-10 08:11:42 +02:00
Clément Notin 9136542d33
openssl: indent, re-organize and add comments 2019-09-10 08:08:44 +02:00
migueljcrum 67b30b3418
sspi: fix memory leaks 
Closes #4299
 2019-09-10 08:06:05 +02:00
Daniel Stenberg cb3dc99175
travis: disable ngtcp2 builds (again) 2019-09-10 08:03:05 +02:00
Daniel Stenberg c4c9e070f3
Curl_fillreadbuffer: avoid double-free trailer buf on error 
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas

Closes #4307
 2019-09-09 09:36:27 +02:00
Daniel Stenberg 74e152f119
tool_setopt: handle a libcurl build without netrc support 
Reported-by: codesniffer13 on github
Fixes #4302
Closes #4305
 2019-09-09 08:18:58 +02:00
Daniel Stenberg 9069838b30
security:read_data fix bad realloc() 
... that could end up a double-free

CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
 2019-09-09 08:14:34 +02:00
Thomas Vegas facb0e4662
tftp: Alloc maximum blksize, and use default unless OACK is received 
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.

Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
 2019-09-09 08:14:34 +02:00
Thomas Vegas 82f3ba3806
tftp: return error when packet is too small for options 2019-09-09 08:14:34 +02:00
Daniel Stenberg 0f37c8df12 KNOWN_BUGS/TODO: cleanup and remove outdated issues 2019-09-05 14:40:18 +02:00
Daniel Stenberg 04ac67a471
RELEASE-NOTES: synced 2019-09-04 11:17:14 +02:00
Daniel Stenberg 158dcb9f86
netrc: free 'home' on error 
Follow-up to f9c7ba9096

Coverity CID 1453474

Closes #4291
 2019-09-03 23:00:51 +02:00
Daniel Stenberg 4ac2884003
urldata: avoid 'generic', use dedicated pointers 
For the 'proto' union within the connectdata struct.

Closes #4290
 2019-09-03 23:00:51 +02:00
Daniel Stenberg 5050edb124
cleanup: move functions out of url.c and make them static 
Closes #4289
 2019-09-03 13:11:12 +02:00
Daniel Stenberg 4d0306c698
smtp: check for and bail out on too short EHLO response 
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918

Assisted-by: Max Dymond

Closes #4287
 2019-09-03 08:25:23 +02:00
Daniel Stenberg 198b73d12c
smb: init *msg to NULL in smb_send_and_recv() 
... it might otherwise return OK from this function leaving that pointer
uninitialized.

Bug: https://crbug.com/oss-fuzz/16907

Closes #4286
 2019-09-02 23:06:48 +02:00
Daniel Stenberg 82a2168e61
ROADMAP: updated after recent user poll 
In rough prio order
 2019-09-02 09:49:31 +02:00
Daniel Stenberg 62ffab9dcb
THANKS: remove duplicate 2019-08-31 12:10:36 +02:00
Daniel Stenberg 84ced9389e
Curl_addr2string: take an addrlen argument too 
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.

Bug: https://crbug.com/oss-fuzz/16699

Closes #4283
 2019-08-31 11:41:56 +02:00
Rolf Eike Beer cd68dfe831
CMake: remove needless newlines at end of gss variables 2019-08-31 11:40:10 +02:00
Rolf Eike Beer d05cee4b3a
CI: remove duplicate configure flag for LGTM.com 2019-08-31 11:40:09 +02:00
Rolf Eike Beer 3e7769a580
CMake: use platform dependent name for dlopen() library 
Closes #4279
 2019-08-31 11:39:47 +02:00
Daniel Stenberg c30aff4f88
quiche: expire when poll returned data 
... to make sure we continue draining the queue until empty

Closes #4281
 2019-08-30 17:41:16 +02:00
Daniel Stenberg 4d9e324771
quiche: decrease available buffer size, don't assign it! 
Found-by: Jeremy Lainé
 2019-08-30 17:41:11 +02:00
Daniel Stenberg db8f760319
RELEASE-NOTES: synced 2019-08-29 23:43:44 +02:00
lufia 4a90c5b82e
curl: fix include conditions 2019-08-29 19:25:09 +02:00
lufia 05856dae9c
plan9: fix installation instructions 
Closes #4276
 2019-08-29 19:24:59 +02:00
Daniel Stenberg 7bac3135df
ngtcp2: on h3 stream close, call expire 
... to trigger a new read to detect the stream close!

Closes #4275
 2019-08-29 19:23:52 +02:00
Tatsuhiro Tsujikawa 484b6f345f
ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl 
Closes #4278
 2019-08-29 19:22:16 +02:00
Daniel Stenberg 0690b3330c
ngtcp2: set flow control window to stream buffer size 
Closes #4274
 2019-08-28 14:37:19 +02:00
Christopher Head ff2bbfb637
CURLOPT_HEADERFUNCTION.3: clarify 
Closes #4273
 2019-08-28 08:52:29 +02:00
Daniel Stenberg 44c9884552
CURLINFO docs: mention that in redirects times are added 
Suggested-by: Brandon Dong
Fixes #4250
Closes #4269
 2019-08-28 00:03:12 +02:00
Daniel Stenberg ca06013ed4
travis: enable ngtcp2 builds again 
Switched to the openssl-quic-draft-22 openssl branch.

Closes #4271
 2019-08-28 00:03:12 +02:00
Daniel Stenberg e93d7c3e90 HTTP3: switched openssl branch to use 2019-08-27 17:07:47 +02:00
Tatsuhiro Tsujikawa 5b3be0729c
ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl 
Closes #4270
 2019-08-27 16:31:19 +02:00
Daniel Stenberg c1b6a384f9
http2: when marked for closure and wanted to close == OK 
It could otherwise return an error even when closed correctly if GOAWAY
had been received previously.

Reported-by: Tom van der Woerdt
Fixes #4267
Closes #4268
 2019-08-26 22:44:59 +02:00
Daniel Stenberg 5cd0b6f1f3
RELEASE-NOTES: synced 2019-08-26 14:45:41 +02:00
Daniel Stenberg c661d731be
build-openssl: fix build with Visual Studio 2019 
Reviewed-by: Marcel Raad
Contributed-by: osabc on github
Fixes #4188
Closes #4266
 2019-08-26 14:34:26 +02:00
Kamil Dudka 7e513c1048 vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure 
This is a follow-up to https://github.com/curl/curl/pull/3864 .

Closes #4224
 2019-08-26 13:43:21 +02:00
Daniel Stenberg cac07fb639
KNOWN_BUGS: USE_UNIX_SOCKETS on Windows 
Closes #4040
 2019-08-26 12:11:29 +02:00
Daniel Stenberg 48f589893d
quiche: send the HTTP body correctly on callback uploads 
Closes #4265
 2019-08-26 11:31:39 +02:00
Daniel Stenberg b0d41faeaa
travis: disable ngtcp2 builds (temporarily) 
Just too many API changes right now

Closes #4264
 2019-08-26 11:31:38 +02:00
Daniel Stenberg aae22fdbd5
ngtcp2: add support for SSLKEYLOGFILE 
Closes #4260
 2019-08-25 23:29:46 +02:00
Daniel Stenberg 30a606e066
ngtcp2: improve h3 response receiving 
Closes #4259
 2019-08-25 23:29:43 +02:00
Daniel Stenberg b959c2f775
ngtcp2: use nghttp3_version() 2019-08-25 23:18:17 +02:00
Daniel Stenberg ff4ef390f6
ngtcp2: sync with upstream API changes 
Assisted-by: Tatsuhiro Tsujikawa
 2019-08-25 23:18:14 +02:00
Kyle Abramowitz 25f9621935
scp: fix directory name length used in memcpy 
Fix read off end of array due to bad pointer math in getworkingpath for
SCP home directory case.

Closes #4258
 2019-08-24 18:47:56 +02:00