Age | Commit message (Collapse) | Author |
|
Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
fails on Windows < 8.1 so we need to disable ALPN on these OS versions.
Inspiration provide by: Daniel Seither
Closes #848
Fixes #840
|
|
LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d.
|
|
- Change the parser to not require a minor version for HTTP/2.
HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
in 8243a95 because the parser still expected a minor version.
Bug: https://github.com/curl/curl/issues/855
Reported-by: Andrew Robbins, Frank Gevaerts
|
|
connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
|
|
Closes #845
|
|
|
|
|
|
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:
$ curl $(for i in $(seq 101); do printf '{a}'; done)
Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
|
|
Closes #850
|
|
Dependency added by 6cabd78
Closes #849
|
|
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
- makes existing session cache locking explicit, thus allowing
individual engines to manage lock's scope.
- fixes OpenSSL and SChannel engines by putting refcount management
inside this lock's scope in relevant places.
- adds these explicit locking calls to other engines that use
sessionid cache to accommodate for this change. Note, however,
that it is unknown whether any of these engines could also have
this race.
Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
|
|
Closes #822
|
|
|
|
... to make it not look like an OpenSSL function
|
|
Closes #844
|
|
This broke in 7.49.0 with commit e200034425a7625
Fixes #842
|
|
Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.
Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.
Added test case 1141, 1142 and 1143 to verify the new parser.
Closes #791
|
|
Closes #837
|
|
Closes #838
|
|
Adds access to the effectively used http version to both libcurl and
curl.
Closes #799
|
|
|
|
With OPENSSL_NO_COMP defined, there is no function
SSL_COMP_free_compression_methods
Closes #836
|
|
Fixes #828
|
|
Closes #834
|
|
|
|
|
|
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: Windows DLL hijacking with curl, CVE-2016-4802
|
|
|
|
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
|
|
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.
Fixes #831
|
|
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.
Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
|
|
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
|
|
|
|
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
|
|
|
|
|
|
|
|
|
|
|
|
from 1577bfa35ba
|
|
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.
Bug: https://github.com/curl/curl/issues/824
|
|
|
|
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
|
|
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
|
|
|
|
Closes #818
|
|
Closes #821
|
|
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.
Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
|
|
|
|
See OpenSSL commit 21e001747d4a
|