| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Reported-by: Bruce Stephens
Fixes #1098
|
|
Follow-up to 502acba2
|
|
|
|
|
|
Coverity CID 1374359 pointed out the unused result value.
|
|
Coverity CID 1374358
|
|
.. because including those headers helps Visual Studio's Intellisense.
|
|
..because they're no longer needed in the tool build. strcase is still
built by the libcurl project and exports curl_str(n)equal which is used
by the curl tool.
Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments
|
|
... and now it avoids using the libcurl toupper() function
|
|
follow-up to 46133aa5
|
|
...to use the public function curl_strnequal(). This isn't ideal because
it adds extra overhead to any internal calls to checkprefix.
follow-up to 95bd2b3e
|
|
|
|
Suggested-by: Dan Jacobson
Issue: https://github.com/curl/curl/issues/1097
|
|
... since the curlx_* code no longer provides one and we don't link
libcurl to these test servers.
|
|
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.
Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
|
|
follow-up to 811a693b80
|
|
This should fix the "warning: 'curl_strequal' redeclared without
dllimport attribute: previous dllimport ignored" message and subsequent
link error on Windows because of the missing CURL_EXTERN on the
prototype.
|
|
|
|
Follow-up to 811a693b
|
|
This is a followup to commit 811a693b
|
|
Fix compile break from 811a693b80
|
|
The internal version strcasecompare isn't available outside libcurl
|
|
|
|
follow-up to 4f8d0b6f02aa7043. Since the darwinssl code breaks
otherwise. If you build without darwinssl 10.5 works fine.
|
|
as that is still part of the API, fix from 8fe4bd084412f30
|
|
Fix bug from 811a693b80
|
|
Mistake brought by 9c91ec778104a
|
|
These two public functions have been mentioned as deprecated since a
very long time but since they are still part of the API and ABI we need
to keep them around.
|
|
some more follow-ups to 811a693b80
|
|
follow-up to 811a693b80
|
|
|
|
... that will ignore lines that are too long to fit in the buffer.
CVE-2016-8615
Bug: https://curl.haxx.se/docs/adv_20161102A.html
Reported-by: Cure53
|
|
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
|
|
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
|
|
... otherwise example.com/PATH and example.com/path would be assumed to
be the same and they usually aren't!
|
|
|
|
CVE-2016-8616
Bug: https://curl.haxx.se/docs/adv_20161102B.html
Reported-by: Cure53
|
|
CVE-2016-8617
Bug: https://curl.haxx.se/docs/adv_20161102C.html
Reported-by: Cure53
|
|
If the requested size is zero, bail out with error instead of doing a
realloc() that would cause a double-free: realloc(0) acts as a free()
and then there's a second free in the cleanup path.
CVE-2016-8619
Bug: https://curl.haxx.se/docs/adv_20161102E.html
Reported-by: Cure53
|
|
On 32bit systems we could otherwise wrap around after 2GB and allocate 0
bytes and crash.
CVE-2016-8618
Bug: https://curl.haxx.se/docs/adv_20161102D.html
Reported-by: Cure53
|
|
... which previously would lead to out of boundary reads.
Reported-by: Luật Nguyễn
|
|
|
|
CVE-2016-8620
Bug: https://curl.haxx.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
|
|
... and don't read outside of the given buffer!
CVE-2016-8621
bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
|
|
Since the internal Curl_urldecode() function has a better API.
|
|
CVE-2016-8622
Bug: https://curl.haxx.se/docs/adv_20161102H.html
Reported-by: Cure53
|
