diff options
-rw-r--r-- | CHANGES | 13 | ||||
-rw-r--r-- | RELEASE-NOTES | 6 |
2 files changed, 17 insertions, 2 deletions
@@ -6,6 +6,19 @@ Changelog +Daniel Stenberg (16 Nov 2008) +- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c + - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do + for example -O on a url with a file name part longer than PATH_MAX letters + +- lib/nss.c fixes based on the report by Jim Meyering: I went over and added + checks for return codes for all calls to malloc and strdup that were + missing. I also changed a few malloc(13) to use arrays on the stack and a + few malloc(PATH_MAX) to instead use aprintf() to lower memory use. + +- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is + in use. + Daniel Fandrich (14 Nov 2008) - Added .xml as one of the few common file extensions known by the multipart form generator. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 310df78f3..6383f765e 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -13,7 +13,9 @@ This release includes the following changes: This release includes the following bugfixes: - o + o fixed several calls to memory functions that didn't check return codes + o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was + used This release includes the following known bugs: @@ -26,6 +28,6 @@ Other curl-related news: This release would not have looked like this without help, code, reports and advice from friends like these: - + Yang Tse, Daniel Fandrich, Jim Meyering Thanks! (and sorry if I forgot to mention someone) |