Age | Commit message (Collapse) | Author |
|
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.
Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
|
|
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
|
|
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.
New test 1155 checks that cookie names are not reserved words.
Reported-By: anshnd at github
Fixes #2564
Closes #2566
|
|
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
|
|
Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would
index the array with -1 if neither index was a socket.
|
|
Closes #2558
|
|
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.
Closes #2512
|
|
Assisted-by: Dan Fandrich
Closes #2528
|
|
|
|
|
|
This file wasn't included in commit 4af40b3646d3b09 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.
Closes #2550
|
|
|
|
follow-up to e66cca046cef
|
|
... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.
closes #2547
|
|
Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.
Bug: #2520
Closes #2549
|
|
They are removed from the compiler flags.
This ensures that make dependency tracking will force a rebuild whenever
configure --enable-debug or --enable-curldebug changes.
Closes #2548
|
|
It triggers an assert.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546
|
|
Closes #2531
|
|
When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.
Fixes #2543
Fixes #2180
Closes #2545
|
|
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
represent, but 'int' only has 32 bits [-Wshift-overflow=]
'len' will never be that big anyway so I converted the run-time check to
a regular assert.
|
|
Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
the problem that strcpy_url() was modified unilaterally without also
modifying strlen_url(). As a consequence strcpy_url() was again
depending on ASCII encoding.
This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.
Closes #2535
|
|
Closes #2544
|
|
|
|
This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3.
--disable-pthreads can be used to disable pthreads and get the threaded
resolver to use the windows threading when building with mingw.
|
|
... as it defines it (too)
|
|
|
|
Closes https://github.com/curl/curl/pull/2542
|
|
Feedback-by: Michael Kilburn
|
|
Closes #1411
|
|
Closes #1508
|
|
Closes #2051
|
|
Closes #1332
|
|
It seems to not be detected by default anymore (which is a bug I
believe)
Closes #2541
|
|
Closes #2299
|
|
Closes #2252
|
|
... and make test 1026 rely on that feature so that --disable-manual
builds don't cause test failures.
Reported-by: Max Dymond and Anders Roxell
Fixes #2533
Closes #2540
|
|
|
|
Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
so remove as it's not part of the published API.
Closes https://github.com/curl/curl/pull/2537
|
|
This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.
Closes #2532
|
|
This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.
Reported-by: Dario Weisser
Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
Closes #2536
|
|
Follow-up to 1514c44655e12e: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
Closes #2534
|
|
WolfSSL doesn't enable it by default anymore
|
|
|
|
|
|
All occurrences of assignment within conditional expression in
os400sys.c rewritten into two steps: first assignment and then the check
on the success of the assignment. Also adjust related incorrect brace
positions to match project indentation style.
This was spurred by seeing "if((inp = input_token))", but while in there
all warnings were fixed.
There should be no functional change from these changes.
Closes #2525
|
|
The jar should be written iff there are cookies, so ensure that we still
have cookies after expiration to avoid creating an empty file.
Closes #2529
|
|
OSS-Fuzz detected
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
Broke in dd7521bcc1b7
|
|
Coverity detected, CID 1435120
Closes #2527
|
|
With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
character classification macros and functions were introduced in
curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
of character classification macros when CURL_DOES_CONVERSIONS is
defined.
Closes #2494
|
|
Fixes FTP wildcard parsing when done over a number of read buffers.
Regression from f786d1f14
Reported-by: wncboy on github
Fixes #2445
Closes #2526
|