Paul Dreik
b766602729
doh: fix (harmless) buffer overrun
...
Added unit test case 1655 to verify.
Close #4352
The code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
2019-09-15 23:25:24 +02:00
Alessandro Ghedini
5eb75d4186
docs: remove trailing ':' from section names in CURLOPT_TRAILER* man
2019-09-15 12:25:02 +01:00
Alessandro Ghedini
4a2d47e0b7
docs: fix typo in CURLOPT_HTTP_VERSION man
2019-09-15 12:25:02 +01:00
Daniel Stenberg
df26f5f9c3
CI: initial github action job
...
First shot at a CI build on github actions
2019-09-14 20:25:43 +02:00
Daniel Stenberg
5977664d2f
appveyor: add a winbuild
...
Assisted-by: Marcel Raad
Assisted-by: Jay Satiro
Closes #4324
2019-09-13 23:17:36 +02:00
Daniel Stenberg
65f5b958c9
FTP: allow "rubbish" prepended to the SIZE response
...
This is a protocol violation but apparently there are legacy proprietary
servers doing this.
Added test 336 and 337 to verify.
Reported-by: Philippe Marguinaud
Closes #4339
2019-09-13 14:21:00 +02:00
Zenju
acf1d2acd1
FTP: skip CWD to entry dir when target is absolute
...
Closes #4332
2019-09-13 14:05:34 +02:00
Kamil Dudka
1ca91bcdb5
curl: fix memory leaked by parse_metalink()
...
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.
Closes #4326
2019-09-13 10:09:48 +02:00
Daniel Stenberg
83b4cfacba
parsedate: still provide the name arrays when disabled
...
If FILE or FTP are enabled, since they also use them!
Reported-by: Roland Hieber
Fixes #4325
Closes #4343
2019-09-13 08:25:14 +02:00
Gilles Vollant
b543f1fadb
curl:file2string: load large files much faster
...
... by using a more efficient realloc scheme.
Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336
2019-09-13 08:22:58 +02:00
Daniel Stenberg
a56a47ac33
openssl: close_notify on the FTP data connection doesn't mean closure
...
For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control connection!
Regression since 3f5da4e59a (7.65.0)
Reported-by: Zenju on github
Reviewed-by: Jay Satiro
Fixes #4329
Closes #4340
2019-09-13 00:10:47 +02:00
Jimmy Gaussen
4e3dfe3323
docs/HTTP3: fix --with-ssl ngtcp2 configure flag
...
Closes #4338
2019-09-12 15:22:57 +02:00
Daniel Stenberg
f83b2f1ae1
RELEASE-NOTES: synced
2019-09-12 09:48:46 +02:00
Daniel Stenberg
2c4590010f
curlver: bump to 7.66.1
2019-09-12 09:48:46 +02:00
Zenju
0aef91411e
setopt: make it easier to add new enum values
...
... by using the *_LAST define names better.
Closes #4321
2019-09-12 09:42:54 +02:00
Daniel Stenberg
e34ec7de59
asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
...
Reported-by: Dagobert Michelsen
Fixes #4328
Closes #4333
2019-09-12 09:37:11 +02:00
Bernhard Walle
a765a30500
winbuild/MakefileBuild.vc: Add vssh
...
Without that modification, the Windows build using the makefiles doesn't
work.
Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
Fixes #4322
Closes #4323
2019-09-11 14:18:44 +02:00
Bernhard Walle
142d89edba
winbuild/MakefileBuild.vc: Fix line endings
...
The file had mixed line endings.
Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
2019-09-11 12:56:22 +02:00
Jay Satiro
08f96982a9
ldap: Stop using wide char version of ldap_err2string
...
Despite ldap_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
returns PWCHAR (wchar_t *).
We have lots of code that expects ldap_err2string to return char *,
most of it failf used like this:
failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
Closes https://github.com/curl/curl/pull/4272
2019-09-11 02:44:47 -04:00
Daniel Stenberg
9cd755e1d7
RELEASE-NOTES: curl 7.66.0
2019-09-10 19:47:19 +02:00
Daniel Stenberg
fcd4aa4608
THANKS: from the 7.66.0 release
2019-09-10 19:47:19 +02:00
Daniel Stenberg
bbde0407d1
curl: make sure the parallel transfers do them all
...
The logic could erroneously break the loop too early before all
transfers had been transferred.
Reported-by: Tom van der Woerdt
Fixes #4316
Closes #4317
2019-09-10 19:45:19 +02:00
Daniel Stenberg
9637dbfffd
urlapi: one colon is enough for the strspn() input (typo)
2019-09-10 11:51:51 +02:00
Daniel Stenberg
eab3c580f9
urlapi: verify the IPv6 numerical address
...
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.
Reported-by: Thomas Vegas
Closes #4315
2019-09-10 11:32:12 +02:00
Clément Notin
ffe34b7b59
openssl: use SSL_CTX_set_<min|max>_proto_version() when available
...
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available. Existing code is preserved for older versions of
OpenSSL.
Closes #4304
2019-09-10 08:11:42 +02:00
Clément Notin
9136542d33
openssl: indent, re-organize and add comments
2019-09-10 08:08:44 +02:00
migueljcrum
67b30b3418
sspi: fix memory leaks
...
Closes #4299
2019-09-10 08:06:05 +02:00
Daniel Stenberg
cb3dc99175
travis: disable ngtcp2 builds (again)
2019-09-10 08:03:05 +02:00
Daniel Stenberg
c4c9e070f3
Curl_fillreadbuffer: avoid double-free trailer buf on error
...
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas
Closes #4307
2019-09-09 09:36:27 +02:00
Daniel Stenberg
74e152f119
tool_setopt: handle a libcurl build without netrc support
...
Reported-by: codesniffer13 on github
Fixes #4302
Closes #4305
2019-09-09 08:18:58 +02:00
Daniel Stenberg
9069838b30
security:read_data fix bad realloc()
...
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09 08:14:34 +02:00
Thomas Vegas
facb0e4662
tftp: Alloc maximum blksize, and use default unless OACK is received
...
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
2019-09-09 08:14:34 +02:00
Thomas Vegas
82f3ba3806
tftp: return error when packet is too small for options
2019-09-09 08:14:34 +02:00
Daniel Stenberg
0f37c8df12
KNOWN_BUGS/TODO: cleanup and remove outdated issues
2019-09-05 14:40:18 +02:00
Daniel Stenberg
04ac67a471
RELEASE-NOTES: synced
2019-09-04 11:17:14 +02:00
Daniel Stenberg
158dcb9f86
netrc: free 'home' on error
...
Follow-up to f9c7ba9096
Coverity CID 1453474
Closes #4291
2019-09-03 23:00:51 +02:00
Daniel Stenberg
4ac2884003
urldata: avoid 'generic', use dedicated pointers
...
For the 'proto' union within the connectdata struct.
Closes #4290
2019-09-03 23:00:51 +02:00
Daniel Stenberg
5050edb124
cleanup: move functions out of url.c and make them static
...
Closes #4289
2019-09-03 13:11:12 +02:00
Daniel Stenberg
4d0306c698
smtp: check for and bail out on too short EHLO response
...
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
Closes #4287
2019-09-03 08:25:23 +02:00
Daniel Stenberg
198b73d12c
smb: init *msg to NULL in smb_send_and_recv()
...
... it might otherwise return OK from this function leaving that pointer
uninitialized.
Bug: https://crbug.com/oss-fuzz/16907
Closes #4286
2019-09-02 23:06:48 +02:00
Daniel Stenberg
82a2168e61
ROADMAP: updated after recent user poll
...
In rough prio order
2019-09-02 09:49:31 +02:00
Daniel Stenberg
62ffab9dcb
THANKS: remove duplicate
2019-08-31 12:10:36 +02:00
Daniel Stenberg
84ced9389e
Curl_addr2string: take an addrlen argument too
...
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.
Bug: https://crbug.com/oss-fuzz/16699
Closes #4283
2019-08-31 11:41:56 +02:00
Rolf Eike Beer
cd68dfe831
CMake: remove needless newlines at end of gss variables
2019-08-31 11:40:10 +02:00
Rolf Eike Beer
d05cee4b3a
CI: remove duplicate configure flag for LGTM.com
2019-08-31 11:40:09 +02:00
Rolf Eike Beer
3e7769a580
CMake: use platform dependent name for dlopen() library
...
Closes #4279
2019-08-31 11:39:47 +02:00
Daniel Stenberg
c30aff4f88
quiche: expire when poll returned data
...
... to make sure we continue draining the queue until empty
Closes #4281
2019-08-30 17:41:16 +02:00
Daniel Stenberg
4d9e324771
quiche: decrease available buffer size, don't assign it!
...
Found-by: Jeremy Lainé
2019-08-30 17:41:11 +02:00
Daniel Stenberg
db8f760319
RELEASE-NOTES: synced
2019-08-29 23:43:44 +02:00
lufia
4a90c5b82e
curl: fix include conditions
2019-08-29 19:25:09 +02:00