aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-09-09security:read_data fix bad realloc()Daniel Stenberg
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09tftp: Alloc maximum blksize, and use default unless OACK is receivedThomas Vegas
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482
2019-09-09tftp: return error when packet is too small for optionsThomas Vegas
2019-09-05KNOWN_BUGS/TODO: cleanup and remove outdated issuesDaniel Stenberg
2019-09-04RELEASE-NOTES: syncedDaniel Stenberg
2019-09-03netrc: free 'home' on errorDaniel Stenberg
Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291
2019-09-03urldata: avoid 'generic', use dedicated pointersDaniel Stenberg
For the 'proto' union within the connectdata struct. Closes #4290
2019-09-03cleanup: move functions out of url.c and make them staticDaniel Stenberg
Closes #4289
2019-09-03smtp: check for and bail out on too short EHLO responseDaniel Stenberg
Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287
2019-09-02smb: init *msg to NULL in smb_send_and_recv()Daniel Stenberg
... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286
2019-09-02ROADMAP: updated after recent user pollDaniel Stenberg
In rough prio order
2019-08-31THANKS: remove duplicateDaniel Stenberg
2019-08-31Curl_addr2string: take an addrlen argument tooDaniel Stenberg
This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283
2019-08-31CMake: remove needless newlines at end of gss variablesRolf Eike Beer
2019-08-31CI: remove duplicate configure flag for LGTM.comRolf Eike Beer
2019-08-31CMake: use platform dependent name for dlopen() libraryRolf Eike Beer
Closes #4279
2019-08-30quiche: expire when poll returned dataDaniel Stenberg
... to make sure we continue draining the queue until empty Closes #4281
2019-08-30quiche: decrease available buffer size, don't assign it!Daniel Stenberg
Found-by: Jeremy Lainé
2019-08-29RELEASE-NOTES: syncedDaniel Stenberg
2019-08-29curl: fix include conditionslufia
2019-08-29plan9: fix installation instructionslufia
Closes #4276
2019-08-29ngtcp2: on h3 stream close, call expireDaniel Stenberg
... to trigger a new read to detect the stream close! Closes #4275
2019-08-29ngtcp2: build latest ngtcp2 and ngtcp2_crypto_opensslTatsuhiro Tsujikawa
Closes #4278
2019-08-28ngtcp2: set flow control window to stream buffer sizeDaniel Stenberg
Closes #4274
2019-08-28CURLOPT_HEADERFUNCTION.3: clarifyChristopher Head
Closes #4273
2019-08-28CURLINFO docs: mention that in redirects times are addedDaniel Stenberg
Suggested-by: Brandon Dong Fixes #4250 Closes #4269
2019-08-28travis: enable ngtcp2 builds againDaniel Stenberg
Switched to the openssl-quic-draft-22 openssl branch. Closes #4271
2019-08-27HTTP3: switched openssl branch to useDaniel Stenberg
2019-08-27ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_opensslTatsuhiro Tsujikawa
Closes #4270
2019-08-26http2: when marked for closure and wanted to close == OKDaniel Stenberg
It could otherwise return an error even when closed correctly if GOAWAY had been received previously. Reported-by: Tom van der Woerdt Fixes #4267 Closes #4268
2019-08-26RELEASE-NOTES: syncedDaniel Stenberg
2019-08-26build-openssl: fix build with Visual Studio 2019Daniel Stenberg
Reviewed-by: Marcel Raad Contributed-by: osabc on github Fixes #4188 Closes #4266
2019-08-26vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failureKamil Dudka
This is a follow-up to https://github.com/curl/curl/pull/3864 . Closes #4224
2019-08-26KNOWN_BUGS: USE_UNIX_SOCKETS on WindowsDaniel Stenberg
Closes #4040
2019-08-26quiche: send the HTTP body correctly on callback uploadsDaniel Stenberg
Closes #4265
2019-08-26travis: disable ngtcp2 builds (temporarily)Daniel Stenberg
Just too many API changes right now Closes #4264
2019-08-25ngtcp2: add support for SSLKEYLOGFILEDaniel Stenberg
Closes #4260
2019-08-25ngtcp2: improve h3 response receivingDaniel Stenberg
Closes #4259
2019-08-25ngtcp2: use nghttp3_version()Daniel Stenberg
2019-08-25ngtcp2: sync with upstream API changesDaniel Stenberg
Assisted-by: Tatsuhiro Tsujikawa
2019-08-24scp: fix directory name length used in memcpyKyle Abramowitz
Fix read off end of array due to bad pointer math in getworkingpath for SCP home directory case. Closes #4258
2019-08-24http: the 'closed' struct field is used by both ngh2 and ngh3Daniel Stenberg
and remove 'header_recvbuf', not used for anything Reported-by: Jeremy Lainé Closes #4257
2019-08-23ngtcp2: accept upload via callbackDaniel Stenberg
Closes #4256
2019-08-23defines: avoid underscore-prefixed definesDaniel Stenberg
Double-underscored or underscore plus uppercase letter at least. ... as they're claimed to be reserved. Reported-by: patnyb on github Fixes #4254 Closes #4255
2019-08-22travis: add a build using ngtcp2 + nghttp3 (and a patched OpenSSL)Daniel Stenberg
Runs no tests Closes #4253
2019-08-21travis: bump to using nghttp2 version 1.39.2Daniel Stenberg
Closes #4252
2019-08-21docs/examples/curlx: fix errorsGisle Vanem
Initialise 'mimetype' and require the -p12 arg. Closes #4248
2019-08-20cleanup: remove DOT_CHAR completelyDaniel Stenberg
Follow-up to f9c7ba9096ec The use of DOT_CHAR for ".ssh" was probably a mistake and is removed now. Pointed-out-by: Gisle Vanem Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 Closes #4247
2019-08-20spnego_sspi: add typecast to fix build warningDaniel Stenberg
Reported in build "Win32 target on Debian Stretch (64-bit) - i686-w64-mingw32 - gcc-20170516" Closes #4245
2019-08-20openssl: build warning free with boringsslDaniel Stenberg
Closes #4244