Age | Commit message | Author |
|
In some cases the RSA key does not support verifying it because it's
located on a smart card, an engine wants to hide it, ...
Check the flags on the key before trying to verify it.
OpenSSL does the same thing internally; see ssl/ssl_rsa.c
Closes #1904
|
|
Otherwise, typecheck-gcc.h warns on MinGW-w64.
|
|
... in hope coverity will like it much.
|
|
Detected by coverity. CID 1418137.
|
|
Regression since ce0881edee
Coverity CID 1418139 and CID 1418136 found it, but it was also seen in
torture testing.
|
|
Closes #1896
|
|
Before merging in the oss-fuzz corpora from Google, there are some changes
to the fuzzer.
- Add a read corpus script, to display corpus files nicely.
- Change the behaviour of the fuzzer so that TLV parse failures all now
go down the same execution paths, which should reduce the size of the
corpora.
- Make unknown TLVs a failure to parse, which should decrease the size
of the corpora as well.
Closes #1881
|
|
... as it also removes a warning with old gcc versions.
Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html
Reported-by: Ben Greear
|
|
Don't make the fuzzer write out to stdout - instead write some of the
contents to a memory block so we exercise the data output code but
quietly.
Closes #1885
|
|
... instead of truncating them.
There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.
We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.
Added test 1151 to verify
Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith
Closes #1894
|
|
- openssl is already installed and causes warnings when trying to
install again
- libidn isn't used these days, and homebrew doesn't seem to have a
libidn2 package to replace with easily
Closes #1895
|
|
... previously it would store a return value even when it returned
error, which could make the value get used anyway!
Reported-by: Brian Carpenter
Closes #1893
|
|
Prior to this change it appears the SOCKS5 port parsing was erroneously
used for the SOCKS4 error message, and as a result an incorrect port
would be shown in the error message.
Bug: https://github.com/curl/curl/issues/1892
Reported-by: Jackarain@users.noreply.github.com
|
|
Schannel can only encrypt a certain amount of data at once. Instead of
failing when too much data is to be sent at once, send as much data as
we can and let the caller send the remaining data by calling send again.
Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html
Closes https://github.com/curl/curl/pull/1890
|
|
lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include
their headers directly rather than relying on other OpenSSL headers
including things.
Closes https://github.com/curl/curl/pull/1891
|
|
|
Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
|
|
If the INTERLEAVEFUNCTION is defined, then use that plus the
INTERLEAVEDATA information when writing RTP. Otherwise, use
WRITEFUNCTION and WRITEDATA.
Fixes #1880
Closes #1884
|
|
Closes https://github.com/curl/curl/pull/1687
|
|
The stub implementation is pre-loaded using LD_PRELOAD
and emulates common gssapi uses (only builds if curl is
initially built with gssapi support).
The initial tests are currently disabled for debug builds
as LD_PRELOAD is not used then.
Ref: https://github.com/curl/curl/pull/1687
|
|
Closes #1889
|
|
... as when a proxy connection is being re-used, it can still get a
different remote port.
Fixes #1887
Reported-by: Oli Kingshott
|
|
Closes #1878
|
|
... as the code style mandates.
|
|
... not only HTTP uses this now.
Closes #1875
|
|
CA path processing was implemented when mbedtls.c was added to libcurl
in fe7590f, but it was never enabled.
Bug: https://github.com/curl/curl/issues/1877
Reported-by: SBKarr@users.noreply.github.com
|
|
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.
OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)
Detected by OSS-fuzz
Closes #1874
|
|
... to avoid a clang bug
|
|
Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT,
MAIL_FROM and uploading data.
|
|
The tests for object file/executable file extensions are presumably only
done for the first of these macros in the configure file.
Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
Reported-by: Marcel Raad
Closes #1873
|
|
Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features are left untested. Test 650 attempts to check all these
features not tested elsewhere.
|
|
- Prepend srcdir include path instead of append.
Prior to this change it was possible that during the check for the size
of curl_off_t the include path of a user's already installed curl could
come before the include path of the to-be-built curl, resulting in the
system.h of the former being incorrectly included for that check.
Closes https://github.com/curl/curl/pull/1870
|
|
It has already been fixed in 6140dfc
|
|
`conn->connect_state` is NULL when doing a regular non-CONNECT request
over the proxy and should therefore be considered complete at once.
Fixes #1853
Closes #1862
Reported-by: Lawrence Wagerfield
|
|
Another mistake in my manual fixups of the largely mechanical
search-and-replace ("connssl->" -> "BACKEND->"), just like the previous
commit concerning HTTPS proxies (and hence not caught during my
earlier testing).
Fixes #1855
Closes #1871
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private
data, 2017-06-21), this developer prepared for a separation of the
private data of the SSL backends from the general connection data.
This conversion was partially automated (search-and-replace) and
partially manual (e.g. proxy_ssl's backend data).
Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.
Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
2017-07-28), the code handling HTTPS proxies was broken because the
pointer to the SSL backend data was not swapped between
conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
instead set to NULL (causing segmentation faults).
[jes: provided the commit message, tested and verified the patch]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|