Age | Commit message (Collapse) | Author |
|
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
|
|
Detected by lgtm.com
|
|
Detected by lgtm.com
|
|
|
|
RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with
GMT.
Closes #2401
|
|
|
|
Currently CMake cannot detect Brotli support. This adds detection of the
libraries and associated header files. It also adds this to the
generated config.
Closes #2392
|
|
|
|
|
|
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request
shuffling of IP addresses returned for a hostname when there is more
than one. This is useful when the application knows that a round robin
approach is appropriate and is willing to accept the consequences of
potentially discarding some preference order returned by the system's
implementation.
Closes #1694
|
|
To offer applications a more defined behavior, we clear the buffer as
early as possible.
Assisted-by: Jay Satiro
Fixes #2190
Closes #2377
|
|
Add --haproxy-protocol for the command line tool
Closes #2162
|
|
Reported-by: Vincas Razma
Fixes #2364
|
|
When a transfer is requested to get done and it is put in the pending
queue when limited by number of connections, total or per-host, libcurl
would previously very aggressively retry *ALL* pending transfers to get
them transferring. That was very time consuming.
By reducing the aggressiveness in how pending are being retried, we
waste MUCH less time on putting transfers back into pending again.
Some test cases got a factor 30(!) speed improvement with this change.
Reported-by: Cyril B
Fixes #2369
Closes #2383
|
|
Especially unpausing a transfer might have to move the socket back to the
"currently used sockets" hash to get monitored. Otherwise it would never get
any more data and get stuck. Easily triggered with pausing using the
multi_socket API.
Reported-by: Philip Prindeville
Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html
Fixes #2393
Closes #2391
|
|
* use member struct event’s instead of pointers to alloc’d struct
events
* simplify the cases for the mcode_or_die() function via macros;
* make multi_timer_cb() actually do what the block comment says it
should;
* accept a “stop” command on the FIFO to shut down the service;
* use cleaner notation for unused variables than the (void) hack;
* allow following redirections (304’s);
|
|
Due to very frequent updates of the rate limit "window", it could
attempt to rate limit within the same milliseconds and that then made
the calculations wrong, leading to it not behaving correctly on very
fast transfers.
This new logic updates the rate limit "window" to be no shorter than the
last three seconds and only updating the timestamps for this when
switching between the states TOOFAST/PERFORM.
Reported-by: 刘佩东
Fixes #2386
Closes #2388
|
|
Found via `codespell`
Closes #2389
|
|
|
|
Closes #2387
|
|
Bug: https://github.com/curl/curl/issues/2381
|
|
This is what "HTTP/0.9" basically looks like.
Reported on IRC
Closes #2382
|
|
It fails somewhere between every 3rd to 10th travis-CI run
|
|
|
|
Fixes #2380
|
|
|
|
Detected by Coverity Analysis:
Error: IDENTIFIER_TYPO:
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
* Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
* Identifier "SupportedMech" is referenced elsewhere at least 4 times.
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?
Closes #2379
|
|
Reported-by: Aron Bergman
Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html
[ci skip]
|
|
This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
The assignment really needs to be there or we risk working with an
uninitialized pointer.
|
|
follow-up to 72a0f62
|
|
To sync it with changes made for the libssh2 project.
Also cleanup some whitespace.
|
|
|
|
|
|
... don't consider it an error!
Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375
|
|
|
|
|
|
CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
|
|
Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
|
|
CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html
Detected by OSS-fuzz
|
|
|
|
... and make sure to avoid integer overflows with really large values.
Reported-by: 刘佩东
Fixes #2371
Closes #2373
|
|
|
|
|
|
follow-up to e04417d
|
|
|
|
Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362
|
|
... as it is interesting for many users.
|
|
|
|
|
|
|