Age | Commit message (Collapse) | Author |
|
PVS-Studio warning
Fixes #4402
|
|
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.
Found through fuzzing.
Closes #4406
|
|
Closes #4406
|
|
Closes #4401
Fixes #4400
|
|
Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
32-bit systems since commit b1616dad8f0.
Closes https://github.com/curl/curl/pull/4398
|
|
This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898
in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to
CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is
overwritten. The fix is to append values to CURL_RC_FLAGS instead of
overwriting
Closes #4399
|
|
|
|
It was already fixed for BoringSSL in commit a0f8fccb1e0.
LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
as uint16_t ever since the function was added in [0].
[0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda
Closes https://github.com/curl/curl/pull/4397
|
|
When looping around the ranges and given URLs to create transfers, all
errors should exit the loop and return. Previously it would keep
looping.
Reported-by: SumatraPeter on github
Bug: #4393
Closes #4396
|
|
Prior to this change when a server returned a socks5 connect error then
curl would parse the destination address:port from that data and show it
to the user as the destination:
curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
* Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
That's incorrect because the address:port included in the connect error
is actually a bind address:port (typically unused) and not the
destination address:port. This fix changes curl to show the destination
information that curl sent to the server instead:
curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
* Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to google.com:99 (remotely resolved)
* Can't complete SOCKS5 connection to google.com:99. (1)
curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)
Ref: https://tools.ietf.org/html/rfc1928#section-6
Closes https://github.com/curl/curl/pull/4394
|
|
|
|
Closes #4395
|
|
Follow-up from 03ebe66d70
|
|
Closes #4387
Fixes #4379
|
|
Closes #4383
|
|
Closes #4382
|
|
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.
Reported-by: Paul Dreik
Closes #4386
|
|
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.
hostname[hlen] will then cause a warning by ubsanitizer:
runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>
I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".
This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)
int main() {
char* hostname=strdup("[");
size_t hlen = strlen(hostname);
hlen-=2;
hostname++;
printf("character is %d\n",+hostname[hlen]);
free(hostname-1);
}
I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.
Closes #4389
|
|
Closes #4392
|
|
|
|
... as the boringssl builds needs a very recent version
Co-authored-by: Jat Satiro
Closes #4361
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes bug detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
... both !result and (ftp->transfer != FTPTRANSFER_BODY)!
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
|
|
Fixes warning detected by PVS-Studio
Fixes #4374
Reported-by: Valerii Zapodovnikov
|
|
Closes #4381
|
|
CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not
"file:///") to override cURL's default demand that an authority exists.
Closes #4349
|
|
|
|
|
|
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.
Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund
Closes #4347
|
|
Closes #4380
|
|
|