Age | Commit message (Collapse) | Author |
|
returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.
Closes #2021
|
|
|
|
Regression since f121575c0b5f
Reported-by: Rob Cotrone
|
|
This avoids warnings about unused stuff.
Closes https://github.com/curl/curl/pull/2023
|
|
"PR-welcome" was the former name.
|
|
|
|
If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.
This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.
Closes #2025
|
|
- When uploading via chunked-encoding don't compare file size to bytes
sent to determine whether the upload has finished.
Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.
The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.
Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2010
|
|
... by using curl_off_t for the typedef if time_t is larger than 4
bytes.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co
mmitcomment-25205058
Closes #2019
|
|
... instead of doing an infinite loop!
Added test 1162 to verify.
Reported-by: Max Dymond
Fixes #2015
Closes #2017
|
|
Fixes timeouts in the fuzzing tests for non-FTP protocols.
Closes #2016
|
|
Allow users to specify their own hash define for
CURL_CONNECTION_HASH_SIZE so that both values can be overridden.
Closes #1982
|
|
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.
Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.
Closes #2011
|
|
|
|
When using the FTP list parser, ensure that the memory that's
allocated is always freed.
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013
|
|
... to cater for systems with unsigned time_t variables.
- Renamed the functions to curlx_timediff and Curl_timediff_us.
- Added overflow protection for both of them in either direction for
both 32 bit and 64 bit time_ts
- Reprefixed the curlx_time functions to use Curl_*
Reported-by: Peter Piekarski
Fixes #2004
Closes #2005
|
|
They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.
This fixes build failures on Fedora 13.
Closes #2006
|
|
closes #2008
|
|
|
|
|
|
We don't expect any steps to fail in travis. Exit the script if they do.
Closes #1966
|
|
|
|
|
|
Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
|
|
The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.
Closes #1998
|
|
CVE-2017-1000257
Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
|
|
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.
Closes #1997
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
|
|
See issue #1999
|
|
The contents might have changed: size must be recomputed.
Reported-by: moteus on github
Fixes #1999
|
|
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
|
|
|
|
On OS/400, `close' is an ASCII system macro that corrupts the code if
not used in a context not targetting the close() system API.
|
|
Also adjust makefile to renamed files and warn about installation dirs mix-up.
|
|
|
|
|
|
|
|
... filter early instead of risking "funny values" having to be dealt
with elsewhere.
|
|
... that are multiplied by 1000 when stored.
For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.
Also updated the man pages for these timeout options to mention the
return code.
Closes #1938
|
|
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:
CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib
Closes https://github.com/curl/curl/pull/1993
|
|
Use memset() to initialize a structure to avoid LLVM/Clang warning:
ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]
Closes https://github.com/curl/curl/pull/1992
|
|
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
|
|
... to allow them to be included in torture tests too.
closes #1980
|
|
... we used it only for the fuzzer, which we now have in a separate git
repo.
Closes #1990
|
|
|
|
|
|
Reported-by: Jeroen Ooms
Closes #1988
|
|
Include test cases in 554, 587, 650.
Fixes https://github.com/curl/curl/issues/1986
|
|
Closes PR https://github.com/curl/curl/pull/1985
|
|
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.
--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.
Buffering is not supported in deprecated curl_formadd() API.
|
|
|