aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-09-10urlapi: one colon is enough for the strspn() input (typo)Daniel Stenberg
2019-09-10urlapi: verify the IPv6 numerical addressDaniel Stenberg
It needs to parse correctly. Otherwise it could be tricked into letting through a-f using host names that libcurl would then resolve. Like '[ab.be]'. Reported-by: Thomas Vegas Closes #4315
2019-09-10openssl: use SSL_CTX_set_<min|max>_proto_version() when availableClément Notin
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use when available. Existing code is preserved for older versions of OpenSSL. Closes #4304
2019-09-10openssl: indent, re-organize and add commentsClément Notin
2019-09-10sspi: fix memory leaksmigueljcrum
Closes #4299
2019-09-10travis: disable ngtcp2 builds (again)Daniel Stenberg
2019-09-09Curl_fillreadbuffer: avoid double-free trailer buf on errorDaniel Stenberg
Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307
2019-09-09tool_setopt: handle a libcurl build without netrc supportDaniel Stenberg
Reported-by: codesniffer13 on github Fixes #4302 Closes #4305
2019-09-09security:read_data fix bad realloc()Daniel Stenberg
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
2019-09-09tftp: Alloc maximum blksize, and use default unless OACK is receivedThomas Vegas
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482
2019-09-09tftp: return error when packet is too small for optionsThomas Vegas
2019-09-05KNOWN_BUGS/TODO: cleanup and remove outdated issuesDaniel Stenberg
2019-09-04RELEASE-NOTES: syncedDaniel Stenberg
2019-09-03netrc: free 'home' on errorDaniel Stenberg
Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291
2019-09-03urldata: avoid 'generic', use dedicated pointersDaniel Stenberg
For the 'proto' union within the connectdata struct. Closes #4290
2019-09-03cleanup: move functions out of url.c and make them staticDaniel Stenberg
Closes #4289
2019-09-03smtp: check for and bail out on too short EHLO responseDaniel Stenberg
Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287
2019-09-02smb: init *msg to NULL in smb_send_and_recv()Daniel Stenberg
... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286
2019-09-02ROADMAP: updated after recent user pollDaniel Stenberg
In rough prio order
2019-08-31THANKS: remove duplicateDaniel Stenberg
2019-08-31Curl_addr2string: take an addrlen argument tooDaniel Stenberg
This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283
2019-08-31CMake: remove needless newlines at end of gss variablesRolf Eike Beer
2019-08-31CI: remove duplicate configure flag for LGTM.comRolf Eike Beer
2019-08-31CMake: use platform dependent name for dlopen() libraryRolf Eike Beer
Closes #4279
2019-08-30quiche: expire when poll returned dataDaniel Stenberg
... to make sure we continue draining the queue until empty Closes #4281
2019-08-30quiche: decrease available buffer size, don't assign it!Daniel Stenberg
Found-by: Jeremy Lainé
2019-08-29RELEASE-NOTES: syncedDaniel Stenberg
2019-08-29curl: fix include conditionslufia
2019-08-29plan9: fix installation instructionslufia
Closes #4276
2019-08-29ngtcp2: on h3 stream close, call expireDaniel Stenberg
... to trigger a new read to detect the stream close! Closes #4275
2019-08-29ngtcp2: build latest ngtcp2 and ngtcp2_crypto_opensslTatsuhiro Tsujikawa
Closes #4278
2019-08-28ngtcp2: set flow control window to stream buffer sizeDaniel Stenberg
Closes #4274
2019-08-28CURLOPT_HEADERFUNCTION.3: clarifyChristopher Head
Closes #4273
2019-08-28CURLINFO docs: mention that in redirects times are addedDaniel Stenberg
Suggested-by: Brandon Dong Fixes #4250 Closes #4269
2019-08-28travis: enable ngtcp2 builds againDaniel Stenberg
Switched to the openssl-quic-draft-22 openssl branch. Closes #4271
2019-08-27HTTP3: switched openssl branch to useDaniel Stenberg
2019-08-27ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_opensslTatsuhiro Tsujikawa
Closes #4270
2019-08-26http2: when marked for closure and wanted to close == OKDaniel Stenberg
It could otherwise return an error even when closed correctly if GOAWAY had been received previously. Reported-by: Tom van der Woerdt Fixes #4267 Closes #4268
2019-08-26RELEASE-NOTES: syncedDaniel Stenberg
2019-08-26build-openssl: fix build with Visual Studio 2019Daniel Stenberg
Reviewed-by: Marcel Raad Contributed-by: osabc on github Fixes #4188 Closes #4266
2019-08-26vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failureKamil Dudka
This is a follow-up to https://github.com/curl/curl/pull/3864 . Closes #4224
2019-08-26KNOWN_BUGS: USE_UNIX_SOCKETS on WindowsDaniel Stenberg
Closes #4040
2019-08-26quiche: send the HTTP body correctly on callback uploadsDaniel Stenberg
Closes #4265
2019-08-26travis: disable ngtcp2 builds (temporarily)Daniel Stenberg
Just too many API changes right now Closes #4264
2019-08-25ngtcp2: add support for SSLKEYLOGFILEDaniel Stenberg
Closes #4260
2019-08-25ngtcp2: improve h3 response receivingDaniel Stenberg
Closes #4259
2019-08-25ngtcp2: use nghttp3_version()Daniel Stenberg
2019-08-25ngtcp2: sync with upstream API changesDaniel Stenberg
Assisted-by: Tatsuhiro Tsujikawa
2019-08-24scp: fix directory name length used in memcpyKyle Abramowitz
Fix read off end of array due to bad pointer math in getworkingpath for SCP home directory case. Closes #4258
2019-08-24http: the 'closed' struct field is used by both ngh2 and ngh3Daniel Stenberg
and remove 'header_recvbuf', not used for anything Reported-by: Jeremy Lainé Closes #4257