aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-04-22gtls: fix NULL pointer dereferenceDaniel Stenberg
gnutls_x509_crt_import() must not be called with a NULL certificate Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html Reported-by: Damian Dixon
2014-04-22curl_global_init_mem: bump initialized even if already initializedDaniel Stenberg
As this makes curl_global_init_mem() behave the same way as curl_global_init() already does in that aspect - the same number of curl_global_cleanup() calls is then required to again decrease the counter and then eventually do the cleanup. Bug: http://curl.haxx.se/bug/view.cgi?id=1362 Reported-by: Tristan
2014-04-22nss: implement non-blocking SSL handshakeKamil Dudka
2014-04-22nss: split Curl_nss_connect() into 4 functionsKamil Dudka
2014-04-22tests: Fixed torture test for tests 1526 & 1527Dan Fandrich
2014-04-22sockfilt.c: clean up threaded approach and add documentationMarc Hoersken
2014-04-22sockfilt.c: zero initialize variableMarc Hoersken
2014-04-22sockfilt.c: fixed getting stuck waiting for MinGW stdin pipeMarc Hoersken
2014-04-22configure: use the nghttp2 path correctly with pkg-configDaniel Stenberg
When --with-nghttp2 was used (without a given path), the PKG_CONFIG_LIBDIR varialbe could get clobbered and ruin a proper detection of the library. Reported-by: Dilyan Palauzov Bug: http://curl.haxx.se/mail/lib-2014-04/0159.html
2014-04-21configure: fix wrong commentDilyan Palauzov
copy and paste error
2014-04-21build: Fixed output name for Release builds in VC10 and VC11Steve Holme
2014-04-20sockfilt.c: properly handle disk files, pipes and character inputMarc Hoersken
2014-04-20sockfilt.c: ignore non-key-events and continue waiting for inputMarc Hoersken
2014-04-20sockfilt.c: free memory in case of memory allocation errorsMarc Hoersken
2014-04-19multi.c: fix possible invalid memory access in case nfds overflowsMarc Hoersken
ufds might not be allocated in case nfds overflows to zero while extra_nfds is still non-zero. udfs is then accessed within the extra_nfds-based for loop.
2014-04-19netrc.c: fix multiple possible dereferences of null pointersMarc Hoersken
2014-04-19parsedate.c: check sscanf result before passing it to strlenMarc Hoersken
2014-04-19telnet.c: check sscanf results before passing them to snprintfMarc Hoersken
2014-04-19telnet.c: fix possible use of uninitialized variableMarc Hoersken
2014-04-19telnet.c: fix possible use of non-null-terminated stringsMarc Hoersken
2014-04-19url.c: fix possible use of non-null-terminated string with strlenMarc Hoersken
Follow up on b0e742544be22ede33206a597b22682e51e0c676
2014-04-19tool_writeout.c: initialize string pointer variableMarc Hoersken
2014-04-19tool_formparse.c: fix possible use of non-null-terminated stringsMarc Hoersken
2014-04-19url.c: fix possible use of non-null-terminated string with strlenMarc Hoersken
2014-04-18connect.c: fix multiple possible dereferences of null pointersMarc Hoersken
In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer.
2014-04-18tftp.c: fix possible dereference of null pointerMarc Hoersken
2014-04-18tool_urlglob.c: added some comments to clarify for loop conditionsMarc Hoersken
I was tempted to change those to >= 0 until I saw that this is actually a for loop that terminates once i underflows.
2014-04-18socks_sspi.c: added pointer guards to FreeContextBuffer callsMarc Hoersken
The FreeContextBuffer SAL declaration does not declare the pointer as optional, therefore it must not be NULL.
2014-04-18md5.c: fix use of uninitialized variableMarc Hoersken
2014-04-18curl_schannel.c: added explicit cast of structure pointersMarc Hoersken
2014-04-18curl_schannel.c: fix possible dereference of null pointerMarc Hoersken
2014-04-18RELEASE-NOTES: Synced with 33e0cba8f1Steve Holme
2014-04-18curl_easy_setopt: Updated CURLOPT_URL to include IMAP PARTIAL FETCH exampleSteve Holme
2014-04-18imap: Extended FETCH support to include PARTIAL URL specifierSteve Holme
2014-04-18url.c: Fixed typo in commentSteve Holme
2014-04-18curl_easy_setopt: Updated CURLOPT_URL to include IMAP query string examplesSteve Holme
2014-04-18test810: Updated to use new IMAP URL query string functionalitySteve Holme
2014-04-18imap: Expanded mailbox SEARCH support to use URL query stringsSteve Holme
2014-04-18imap: Added support for parsing URL query stringsSteve Holme
Added support for parsing query strings from the URL as defined by RFC-5092.
2014-04-18imap: Introduced the SEARCH stateSteve Holme
2014-04-18imap: Fixed untagged response detection when no data after commandSteve Holme
Should a command return untagged responses that contained no data then the imap_matchresp() function would not detect them as valid responses, as it wasn't taking the CRLF characters into account at the end of each line.
2014-04-18build: Added Visual Studio 2012 (VC11) project filesSteve Holme
Carrying on from commit 11025613b9 added VC11 project files which are capable of supporting side-by-side compilation, 32-bit and 64-bit builds as well as support for some of the third-party libraries curl uses.
2014-04-17build: Corrected Visual Studio solutions for DLL Release x64Steve Holme
2014-04-17README.http2: mention some alt-svc thoughtsDaniel Stenberg
2014-04-16Makefile.am: Missed separator in commit fbaa2f8660Steve Holme
2014-04-16build: Added Visual Studio 2010 (VC10) project filesSteve Holme
Carrying on from commit 11025613b9 added VC10 project files which are capable of supporting side-by-side compilation, 32-bit and 64-bit builds as well as support for some of the third-party libraries curl uses.
2014-04-14url: only use if_nametoindex() if IFNAMSIZ is availableDan Fandrich
2014-04-09symbian: fixed typo in commentDan Fandrich
2014-04-09build: Added Visual Studio 2008 (VC9) project filesSteve Holme
Carrying on from commit 11025613b9, added VC9 project files which are capable of supporting side-by-side compilation, 32-bit and 64-bit builds as well as support for some of the third-party libraries curl uses.
2014-04-08sas: Added DIGEST-MD5 qop-option validation in native challange handlingSteve Holme
Given that we presently support "auth" and not "auth-int" or "auth-conf" for native challenge-response messages, added client side validation of the quality-of-protection options from the server's challenge message.