aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-09-15doh: fix (harmless) buffer overrunPaul Dreik
Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version.
2019-09-15docs: remove trailing ':' from section names in CURLOPT_TRAILER* manAlessandro Ghedini
2019-09-15docs: fix typo in CURLOPT_HTTP_VERSION manAlessandro Ghedini
2019-09-14CI: inintial github action jobDaniel Stenberg
First shot at a CI build on github actions
2019-09-13appveyor: add a winbuildDaniel Stenberg
Assisted-by: Marcel Raad Assisted-by: Jay Satiro Closes #4324
2019-09-13FTP: allow "rubbish" prepended to the SIZE responseDaniel Stenberg
This is a protocol violation but apparently there are legacy proprietary servers doing this. Added test 336 and 337 to verify. Reported-by: Philippe Marguinaud Closes #4339
2019-09-13FTP: skip CWD to entry dir when target is absoluteZenju
Closes #4332
2019-09-13curl: fix memory leaked by parse_metalink()Kamil Dudka
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind and libmetalink enabled. Closes #4326
2019-09-13parsedate: still provide the name arrays when disabledDaniel Stenberg
If FILE or FTP are enabled, since they also use them! Reported-by: Roland Hieber Fixes #4325 Closes #4343
2019-09-13curl:file2string: load large files much fasterGilles Vollant
... by using a more efficient realloc scheme. Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html Closes #4336
2019-09-13openssl: close_notify on the FTP data connection doesn't mean closureDaniel Stenberg
For FTPS transfers, curl gets close_notify on the data connection without that being a signal to close the control connection! Regression since 3f5da4e59a556fc (7.65.0) Reported-by: Zenju on github Reviewed-by: Jay Satiro Fixes #4329 Closes #4340
2019-09-12docs/HTTP3: fix `--with-ssl` ngtcp2 configure flagJimmy Gaussen
Closes #4338
2019-09-12RELEASE-NOTES: syncedDaniel Stenberg
2019-09-12curlver: bump to 7.66.1Daniel Stenberg
2019-09-12setopt: make it easier to add new enum valuesZenju
... by using the *_LAST define names better. Closes #4321
2019-09-12asyn-thread: s/AF_LOCAL/AF_UNIX for SolarisDaniel Stenberg
Reported-by: Dagobert Michelsen Fixes #4328 Closes #4333
2019-09-11winbuild/MakefileBuild.vc: Add vsshBernhard Walle
Without that modification, the Windows build using the makefiles doesn't work. Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu> Fixes #4322 Closes #4323
2019-09-11winbuild/MakefileBuild.vc: Fix line endingsBernhard Walle
The file had mixed line endings. Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
2019-09-11ldap: Stop using wide char version of ldapp_err2stringJay Satiro
Despite ldapp_err2string being documented by MS as returning a PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and returns PWCHAR (wchar_t *). We have lots of code that expects ldap_err2string to return char *, most of it failf used like this: failf(data, "LDAP local: Some error: %s", ldap_err2string(rc)); Closes https://github.com/curl/curl/pull/4272
2019-09-10RELEASE-NOTES: curl 7.66.0Daniel Stenberg
2019-09-10THANKS: from the 7.66.0 releaseDaniel Stenberg
2019-09-10curl: make sure the parallel transfers do them allDaniel Stenberg
The logic could erroneously break the loop too early before all transfers had been transferred. Reported-by: Tom van der Woerdt Fixes #4316 Closes #4317
2019-09-10urlapi: one colon is enough for the strspn() input (typo)Daniel Stenberg
2019-09-10urlapi: verify the IPv6 numerical addressDaniel Stenberg
It needs to parse correctly. Otherwise it could be tricked into letting through a-f using host names that libcurl would then resolve. Like '[ab.be]'. Reported-by: Thomas Vegas Closes #4315
2019-09-10openssl: use SSL_CTX_set_<min|max>_proto_version() when availableClément Notin
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use when available. Existing code is preserved for older versions of OpenSSL. Closes #4304
2019-09-10openssl: indent, re-organize and add commentsClément Notin
2019-09-10sspi: fix memory leaksmigueljcrum
Closes #4299
2019-09-10travis: disable ngtcp2 builds (again)Daniel Stenberg
2019-09-09Curl_fillreadbuffer: avoid double-free trailer buf on errorDaniel Stenberg
Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307
2019-09-09tool_setopt: handle a libcurl build without netrc supportDaniel Stenberg
Reported-by: codesniffer13 on github Fixes #4302 Closes #4305
2019-09-09security:read_data fix bad realloc()Daniel Stenberg
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09tftp: Alloc maximum blksize, and use default unless OACK is receivedThomas Vegas
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482
2019-09-09tftp: return error when packet is too small for optionsThomas Vegas
2019-09-05KNOWN_BUGS/TODO: cleanup and remove outdated issuesDaniel Stenberg
2019-09-04RELEASE-NOTES: syncedDaniel Stenberg
2019-09-03netrc: free 'home' on errorDaniel Stenberg
Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291
2019-09-03urldata: avoid 'generic', use dedicated pointersDaniel Stenberg
For the 'proto' union within the connectdata struct. Closes #4290
2019-09-03cleanup: move functions out of url.c and make them staticDaniel Stenberg
Closes #4289
2019-09-03smtp: check for and bail out on too short EHLO responseDaniel Stenberg
Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287
2019-09-02smb: init *msg to NULL in smb_send_and_recv()Daniel Stenberg
... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286
2019-09-02ROADMAP: updated after recent user pollDaniel Stenberg
In rough prio order
2019-08-31THANKS: remove duplicateDaniel Stenberg
2019-08-31Curl_addr2string: take an addrlen argument tooDaniel Stenberg
This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283
2019-08-31CMake: remove needless newlines at end of gss variablesRolf Eike Beer
2019-08-31CI: remove duplicate configure flag for LGTM.comRolf Eike Beer
2019-08-31CMake: use platform dependent name for dlopen() libraryRolf Eike Beer
Closes #4279
2019-08-30quiche: expire when poll returned dataDaniel Stenberg
... to make sure we continue draining the queue until empty Closes #4281
2019-08-30quiche: decrease available buffer size, don't assign it!Daniel Stenberg
Found-by: Jeremy Lainé
2019-08-29RELEASE-NOTES: syncedDaniel Stenberg
2019-08-29curl: fix include conditionslufia