Age | Commit message (Collapse) | Author |
|
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.
Added test 1271 to verify.
Reported-by: Brian Carpenter
Closes #4786
|
|
... as that might cause an unexpected SMB connection to a given host
name.
Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
|
|
|
|
Reported-by: Paul Joyce
Fixes https://github.com/curl/curl/issues/4787
|
|
Closes #4785
|
|
... for curl_easy_setopt() and curl_url_set().
[skip ci]
Closes #4783
|
|
... as it could otherwise leak memory when a transfer failed.
Added test 1293 to verify.
Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
|
|
... to fix memory leak in error path.
Fixes #4772
Closes #4780
Reported-by: Brian Carpenter
|
|
Closes https://github.com/curl/curl/pull/4775
|
|
[skip ci]
|
|
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cause
the wrong response data to be sent to some tests and cause them to fail.
Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785
|
|
These are read-only.
Closes https://github.com/curl/curl/pull/4771
|
|
Prior to this change tests that required NTLM feature did not require
SSL feature.
There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:
"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."
Assisted-by: marc-groundctl@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729
Closes https://github.com/curl/curl/pull/4768
|
|
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the handshake, read, write, and close.
Match OpenSSL SSL_write behavior, and don't return the number of bytes
written until the corresponding records have been completely flushed
across the socket. This involves keeping track of the length of data
buffered into the TLS engine, and assumes that when CURLE_AGAIN is
returned, the write function will be called again with the same data
and length arguments. This is the same requirement of SSL_write.
Handle TLS close notify as EOF when reading by returning 0.
Closes https://github.com/curl/curl/pull/4748
|
|
- Stop using inline shell scripts for before_script and script sections.
Prior to this change Travis could ignore errors from commands in inline
scripts. I don't understand how or why it happens. This is a workaround.
Assisted-by: Simon Warta
Ref: https://github.com/travis-ci/travis-ci/issues/1066
Fixes https://github.com/curl/curl/issues/3730
Closes https://github.com/curl/curl/pull/3755
|
|
Found by fuzzing the config file.
Reported-by: Geeknik Labs
Fixes https://github.com/curl/curl/issues/4767
|
|
Modified by commit eb9a604 accidentally.
Closes https://github.com/curl/curl/pull/4756
|
|
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already
defined as a system macro.
- Don't compile write32_le in curl_endian unless
CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le.
- Include <arpa/inet.h> in socketpair.c.
Closes https://github.com/curl/curl/pull/4756
|
|
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler
|
|
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
Reported-by: Frank Gevaerts
Commit-message-by: Christopher Head
Ref: https://github.com/curl/curl/pull/2787
Fixes https://github.com/curl/curl/issues/4758
|
|
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.
Reported-by: kouzhudong@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4751
|
|
Follow-up to 525787269599b5
|
|
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.
Closes #4745
|
|
|
|
|
|
- Remove our cb_update_key in favor of ngtcp2's new
ngtcp2_crypto_update_key_cb which does the same thing.
Several days ago the ngtcp2_update_key callback function prototype was
changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to
fix up our cb_update_key for that change they also added
ngtcp2_crypto_update_key_cb which does the same thing so we'll use that
instead.
Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c
Closes https://github.com/curl/curl/pull/4735
|
|
Even if the initial request line wasn't found. With the fix to 1455, the
test number is now detected correctly.
(Problem found when running tests in random order.)
Closes #4744
|
|
Follow-up to 23208e330ac0c21
Closes #4743
|
|
On my current Debian Unstable with libidn2 2.2.0, I get an error if
LC_ALL is set to blank. Then curl errors out with:
curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8
Closes #4738
|
|
Without this fix, this caused a compilation failure on AIX with IBM xlc
13.1.3 compiler.
Reported-by: Ram Krushna Mishra
Fixes #4739
Closes #4740
|
|
... as it would previously prefer new connections rather than
multiplexing in most conditions! The (now removed) code was a leftover
from the Pipelining code that was translated wrongly into a
multiplex-only world.
Reported-by: Kunal Ekawde
Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html
Closes #4732
|
|
Fixup the test to instead not compare the port number. It sometimes
caused problems like this:
"curl: (45) bind failed with errno 98: Address already in use"
Closes #4733
|
|
Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man
pages would not compile because a variable name was incorrect.
Reported-by: Bylon2@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4736
|
|
- Remove the final semi-colon in the SEC2TXT() macro definition.
Before: #define SEC2TXT(sec) case sec: txt = #sec; break;
After: #define SEC2TXT(sec) case sec: txt = #sec; break
Prior to this change SEC2TXT(foo); would generate break;; which caused
the empty expression warning.
Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547
|
|
Reported-by: bxac on github
Fixes #4730
Closes #4731
|
|
When looping, first trying '.curlrc' and then '_curlrc', the function
would not free the first string.
Closes #4731
|
|
[skip ci]
|
|
Closes #4728
|
|
|
|
It is covered by USE_OPENSSL_ENGINE now.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/87b9337c8f76c21c57b204e88b68c6ecf3bd1ac0#commitcomment-36447951
Closes #4725
|
|
... even for macros
Reviewed-by: Daniel Gustafsson
Reviewed-by: Jay Satiro
Reported-by: Jay Satiro
Fixes #4683
Closes #4722
|
|
|
|
This reverts commit ba82673dac3e8d00a76aa5e3779a0cb80e7442af.
Bug: #4683
|
|
[skip ci]
Closes #4301
|
|
Also point to #4296 for more details
Closes #4296
|
|
Closes #4261
|
|
Reported-by: sayrer on github
Closes #4262
[skip ci]
|
|
A few tests are now passing on FreeBSD, so no longer skip them.
[skip ci]
|
|
Error: cmake 3.15.5 is already installed
To upgrade to 3.16.1, run `brew upgrade cmake`.
Closes #4723
|
|
A static libcurl (ie winbuild mode=static) requires that the user define
CURL_STATICLIB when using it in their application. This is already
covered in the FAQ and INSTALL.md, but is a pretty important point so
now it's noted in the BUILD.WINDOWS.txt as well.
Assisted-by: Michael Vittiglio
Closes https://github.com/curl/curl/pull/4721
|