aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES13
-rw-r--r--RELEASE-NOTES6
2 files changed, 17 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 8bc8ee142..99cd29ceb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,19 @@
Changelog
+Daniel Stenberg (16 Nov 2008)
+- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c
+ - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do
+ for example -O on a url with a file name part longer than PATH_MAX letters
+
+- lib/nss.c fixes based on the report by Jim Meyering: I went over and added
+ checks for return codes for all calls to malloc and strdup that were
+ missing. I also changed a few malloc(13) to use arrays on the stack and a
+ few malloc(PATH_MAX) to instead use aprintf() to lower memory use.
+
+- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
+ in use.
+
Daniel Fandrich (14 Nov 2008)
- Added .xml as one of the few common file extensions known by the multipart
form generator.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 310df78f3..6383f765e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -13,7 +13,9 @@ This release includes the following changes:
This release includes the following bugfixes:
- o
+ o fixed several calls to memory functions that didn't check return codes
+ o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was
+ used
This release includes the following known bugs:
@@ -26,6 +28,6 @@ Other curl-related news:
This release would not have looked like this without help, code, reports and
advice from friends like these:
-
+ Yang Tse, Daniel Fandrich, Jim Meyering
Thanks! (and sorry if I forgot to mention someone)