Age | Commit message (Collapse) | Author |
|
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.
The bug appears to have been born in 0761a51 (precedes 7.49.0).
Closes https://github.com/curl/curl/pull/2231
|
|
Before calling Curl_client_chop_write(), change the owner of connection
to the current Curl_easy handle. This will fix the issue #2217.
Fixes https://github.com/curl/curl/issues/2217
Closes https://github.com/curl/curl/pull/2221
|
|
__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
in GCC 3.3.
Closes #2216
|
|
|
|
to increase accuracy for quick transfers
Fixes #2200
Closes #2206
|
|
- Enable execute permission (chmod +x)
- Change interpreter to /usr/bin/env perl
Closes https://github.com/curl/curl/pull/2222
|
|
|
|
.. because limits.h presence isn't optional, it's required by C89.
Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
Closes https://github.com/curl/curl/pull/2215
|
|
- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
initialization.
Caught by ASAN.
|
|
This reverts commit c97648b55080343bb371522bf4233e94a2a13a99.
SIZEOF_LONG should not be checked in system.h since that macro is only
defined when building libcurl.
Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
|
|
|
|
|
|
Reported-by: Pete Lomax
Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html
|
|
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.
Closes #2194
|
|
- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
since it's possible the cert may have already been loaded by libcurl.
- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
Instead have it direct the reader to this cacertinmem.c example.
- Fix the CA certificate to use the right CA for example.com, Digicert.
Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren
Closes https://github.com/curl/curl/pull/2182
|
|
- Move the size modifier detection code from limit-rate to its own
function so that it can also be used with max-filesize.
Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.
For example --max-filesize 1G
Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html
Closes https://github.com/curl/curl/pull/2179
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Closes https://github.com/curl/curl/pull/2186
|
|
Closes https://github.com/curl/curl/pull/2185
|
|
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.
Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
|
|
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.
Closes #2068
|
|
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
|
|
Bug: #2175
[ci skip]
|
|
scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.
|
|
A scan-build warning.
|
|
This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
out by scan-build!
|
|
Bug: #2174
|
|
Follow-up to c92d2e1
Closes #2172
|
|
... to make it clearer that the options want address-only, while the
headers in an email can also have the real name.
Assisted-by: Sean MacLennan
|
|
... as I reran the contrithanks script after the mailmap name fixups.
|
|
|
|
... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.
Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html
Closes #2173
|
|
Fixed undefined symbol of getenv() which does not exist when compiling
for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
is defined.
Closes #2171
|
|
|
|
Suggested-by: Rainer Canavan
Closes #2126
|
|
|
|
|
|
|
|
This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.
It was actually added rather recently in 8e8afa82cbb629 due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.
|
|
|
|
|
|
Prune the DNS cache immediately after the dns entry is unlocked in
multi_done. Timed out entries will then get discarded in a more orderly
fashion.
Test506 is updated
Reported-by: Oleg Pudeyev
Fixes #2169
Closes #2170
|
|
|
|
Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just
like it does for other platforms. However, the Windows CRT does not
actually support line buffering (_IOLBF) and will use full buffering
(_IOFBF) instead. We can't use full buffering because multiple processes
may be writing to the file and that could lead to corruption, and since
full buffering is the only buffering available this commit disables
buffering for Windows SSLKEYLOGFILE entirely (_IONBF).
Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901
|
|
... to help users understand what is or isn't done!
|