Age | Commit message (Collapse) | Author |
|
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817
Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
|
|
- Align the array of ssl_backend_data on a max 32 byte boundary.
8 is likely to be ok but I went with 32 for posterity should one of
the ssl_backend_data structs change to contain a larger sized variable
in the future.
Prior to this change (since dev 70f1db3, release 7.56) the connectdata
structure was undersized by 4 bytes in 32-bit builds with ssl enabled
because long long * was mistakenly used for alignment instead of
long long, with the intention being an 8 byte boundary. Also long long
may not be an available type.
The undersized connectdata could lead to oob read/write past the end in
what was expected to be the last 4 bytes of the connection's secondary
socket https proxy ssl_backend_data struct (the secondary socket in a
connection is used by ftp, others?).
Closes https://github.com/curl/curl/issues/2093
CVE-2017-8818
Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
|
|
With this check present, scan-build warns that we might dereference this
point in other places where it isn't first checked for NULL. Thus, if it
*can* be NULL we have a problem on a few places. However, this pointer
should not be possible to be NULL here so I remove the check and thus
also three different scan-build warnings.
Closes #2111
|
|
|
|
|
|
* LOTS of comment updates
* explicit error for SMB shares (e.g. "file:////share/path/file")
* more strict handling of authority (i.e. "//localhost/")
* now accepts dodgy old "C:|" drive letters
* more precise handling of drive letters in and out of Windows
(especially recognising both "file:c:/" and "file:/c:/")
Closes #2110
|
|
Reported by scan-build
Closes #2109
|
|
The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.
Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.
Closes #2056
|
|
Fixes #2097
Closes #2108
|
|
|
|
eg consider a non-existent interface eth8, curl --interface eth8
Before: curl: (45) Could not resolve host: eth8
After: curl: (45) Couldn't bind to 'eth8'
Bug: https://github.com/curl/curl/issues/2104
Reported-by: Alfonso Martone
|
|
Fixes #2106
Reported-by: youngchopin on github
|
|
|
|
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.
Updated test 1034 and 1035 accordingly.
Fixes #2073
Closes #2092
|
|
Closes #2098
|
|
|
|
|
|
|
|
|
|
Fixes a scan-build warning.
|
|
|
|
|
|
- Add braces around multi-line if statement.
Closes https://github.com/curl/curl/pull/2096
|
|
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.
Added test 1324 to verify
Reported-by: Alex Malinovich
Fixes #2087
Closes #2091
|
|
The previous fix https://github.com/curl/curl/pull/1788 worked just for
Xcode 9. This commit extends the fix to older Xcode versions effectively
by not using connectx function.
Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082
|
|
Fixes #2079
Closes #2081
|
|
Closes #1455
|
|
|
|
Follow-up to aadb7c7. Verified by new test 1263.
Closes #2072
|
|
|
|
There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.
Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
|
|
Reported-by: Brian Carpenter
|
|
Closes #2071
|
|
Closes #2069
|
|
... to make url.c smaller.
Closes #1944
|
|
Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this,
curl will corrupt binary files when writing them to stdout on Windows.
Closes https://github.com/curl/curl/pull/2067
|
|
CID 984459, detected by Coverity
|
|
Update CMakeLists.txt to add curl.rc to the correct list.
|
|
|
|
The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.
Try to use the socket option immediately and parse it as a fallback
instead. Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.
Closes #2024
|
|
Closes #2043
|
|
|
|
|
|
|
|
As documented in RFC 3501 section 9:
https://tools.ietf.org/html/rfc3501#section-9
Closes #2061
|
|
... previously it would store it already in the happy eyeballs stage
which could lead to the IPv6 bit being set for an IPv4 connection,
leading to curl not wanting to do EPSV=>PASV for FTP transfers.
Closes #2053
|
|
... even when there's no socket to wait for, the timeout can still be
very short.
|
|
- Don't call zlib's inflate() when avail_in stream bytes is 0.
This is a follow up to the parent commit 19e66e5. Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.
According to the zlib FAQ, Z_BUF_ERROR is not fatal.
This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).
Ref: https://zlib.net/zlib_faq.html#faq05
Closes https://github.com/curl/curl/pull/2060
|
|
|
|
There was a duplicate check for backslashes in the setcharset()
function.
Coverity CID 1420611
|