Age | Commit message (Collapse) | Author |
|
Closes #834
|
|
|
|
|
|
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: Windows DLL hijacking with curl, CVE-2016-4802
|
|
|
|
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
|
|
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.
Fixes #831
|
|
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.
Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
|
|
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
|
|
|
|
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
|
|
|
|
|
|
|
|
|
|
|
|
from 1577bfa35ba
|
|
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.
Bug: https://github.com/curl/curl/issues/824
|
|
|
|
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
|
|
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
|
|
|
|
Closes #818
|
|
Closes #821
|
|
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.
Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
|
|
|
|
See OpenSSL commit 21e001747d4a
|
|
... when generating them, not "2.0" as the protocol is called just
HTTP/2 and nothing else.
|
|
Closes https://github.com/curl/curl/pull/816
|
|
|
|
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.
Reported-by: Tomas Jakobsson
Fixes #813
|
|
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
7.1 is used. In this case, _USING_V110_SDK71_ is defined.
Closes #812
|
|
Reported-by: Paul Howarth
Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
|
|
Reported-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
|
|
|
|
|
|
...as otherwise the TLS libs will skip the CN/SAN check and just allow
connection to any server. curl previously skipped this function when SNI
wasn't used or when connecting to an IP address specified host.
CVE-2016-3739
Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
|
|
Closes #811
|
|
|
|
Closes #762
|
|
|
|
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
|
|
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
|
|
CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
we run over 'workend' but the condition says <= workend and for all I
can see it should be safe. Compensating for the warning by adding a byte
margin in the buffer.
Also, removed the extra brace level indentation in the code and made it
so that 'workend' is only assigned once within the function.
|
|
|
|
|
|
- Return value type must match function type.
s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
Caught by Travis CI
|
|
The proper FTP wildcard init is now more properly done in Curl_pretransfer()
and the corresponding cleanup in Curl_close().
The previous place of init/cleanup code made the internal pointer to be NULL
when this feature was used with the multi_socket() API, as it was made within
the curl_multi_perform() function.
Reported-by: Jonathan Cardoso Machado
Fixes #800
|
|
Because the old OpenSSL link now redirects to their master documentation
(currently 1.1.0), which does not document the required actions for
OpenSSL <= 1.0.2.
|
|
|