aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-02-18rand: Fix a mismatch between comments in source and header.Frank Gevaerts
Reported-by: Björn Stenberg <bjorn@haxx.se> Closes #3584
2019-02-18x509asn1: replace single char with an arrayPatrick Monnerat
Although safe in this context, using a single char as an array may cause invalid accesses to adjacent memory locations. Detected by Coverity.
2019-02-18examples/http2-serverpush: add some sensible error checksDaniel Stenberg
To avoid NULL pointer dereferences etc in the case of problems. Closes #3580
2019-02-18easy: fix win32 init to work without CURL_GLOBAL_WIN32Jay Satiro
- Change the behavior of win32_init so that the required initialization procedures are not affected by CURL_GLOBAL_WIN32 flag. libcurl via curl_global_init supports initializing for win32 with an optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop Winsock initialization. It did so internally by skipping win32_init() when that flag was set. Since then win32_init() has been expanded to include required initialization routines that are separate from Winsock and therefore must be called in all cases. This commit fixes it so that CURL_GLOBAL_WIN32 only controls the optional win32 initialization (which is Winsock initialization, according to our doc). The only users affected by this change are those that don't pass CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the risk of a potential crash. Ref: https://github.com/curl/curl/pull/3573 Fixes https://github.com/curl/curl/issues/3313 Closes https://github.com/curl/curl/pull/3575
2019-02-17cookie: Add support for cookie prefixesDaniel Gustafsson
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-16mbedtls: release sessionid resources on errorDaniel Gustafsson
If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this errorpath as well as on Curl_ssl_addsessionid() errors. Closes: #3574 Reported-by: Michał Antoniak <M.Antoniak@posnet.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-16cli tool: refactor encoding conversion sequence for switch case fallthrough.Patrick Monnerat
2019-02-16version.c: silent scan-build even when librtmp is not enabledPatrick Monnerat
2019-02-15RELEASE-NOTES: syncedDaniel Stenberg
2019-02-15Curl_now: figure out windows version in win32_initDaniel Stenberg
... and avoid use of static variables that aren't thread safe. Fixes regression from e9ababd4f5a (present in the 7.64.0 release) Reported-by: Paul Groke Fixes #3572 Closes #3573
2019-02-15unit1307: just fail without FTP supportMarcel Raad
I missed to check this in with commit 71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test. This fixes the actual linker error. Closes https://github.com/curl/curl/pull/3568
2019-02-15travis: enable valgrind for the iconv tests tooDaniel Stenberg
Closes #3571
2019-02-14travis: add scan-buildDaniel Stenberg
Closes #3564
2019-02-14examples/sftpuploadresume: Value stored to 'result' is never readDaniel Stenberg
Detected by scan-build
2019-02-14examples/http2-upload: cleaned upDaniel Stenberg
Fix scan-build warnings, no globals, no silly handle scan. Also remove handles from the multi before cleaning up.
2019-02-14examples/http2-download: cleaned upDaniel Stenberg
To avoid scan-build warnings and global variables.
2019-02-14examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'Daniel Stenberg
Detected by scan-build
2019-02-14examples/httpcustomheader: Value stored to 'res' is never readDaniel Stenberg
Detected by scan-build
2019-02-14examples: remove superfluous null-pointer checksDaniel Stenberg
in ftpget, ftpsget and sftpget, so that scan-build stops warning for potential NULL pointer dereference below! Detected by scan-build
2019-02-14strip_trailing_dot: make sure NULL is never used for strlenDaniel Stenberg
scan-build warning: Null pointer passed as an argument to a 'nonnull' parameter
2019-02-14connection_check: restore original conn->data after the checkJay Satiro
- Save the original conn->data before it's changed to the specified data transfer for the connection check and then restore it afterwards. This is a follow-up to 38d8e1b 2019-02-11. History: It was discovered a month ago that before checking whether to extract a dead connection that that connection should be associated with a "live" transfer for the check (ie original conn->data ignored and set to the passed in data). A fix was landed in 54b201b which did that and also cleared conn->data after the check. The original conn->data was not restored, so presumably it was thought that a valid conn->data was no longer needed. Several days later it was discovered that a valid conn->data was needed after the check and follow-up fix was landed in bbae24c which partially reverted the original fix and attempted to limit the scope of when conn->data was changed to only when pruning dead connections. In that case conn->data was not cleared and the original conn->data not restored. A month later it was discovered that the original fix was somewhat correct; a "live" transfer is needed for the check in all cases because original conn->data could be null which could cause a bad deref at arbitrary points in the check. A fix was landed in 38d8e1b which expanded the scope to all cases. conn->data was not cleared and the original conn->data not restored. A day later it was discovered that not restoring the original conn->data may lead to busy loops in applications that use the event interface, and given this observation it's a pretty safe assumption that there is some code path that still needs the original conn->data. This commit is the follow-up fix for that, it restores the original conn->data after the connection check. Assisted-by: tholin@users.noreply.github.com Reported-by: tholin@users.noreply.github.com Fixes https://github.com/curl/curl/issues/3542 Closes #3559
2019-02-14memdebug: bring back curl_mark_scloseDaniel Stenberg
Used by debug builds with NSS. Reverted from 05b100aee247bb
2019-02-14transfer.c: do not compute length of undefined hex buffer.Patrick Monnerat
On non-ascii platforms, the chunked hex header was measured for char code conversion length, even for chunked trailers that do not have an hex header. In addition, the efective length is already known: use it. Since the hex length can be zero, only convert if needed. Reported by valgrind.
2019-02-14KNOWN_BUGS: Cannot compile against a static build of OpenLDAPDaniel Stenberg
Closes #2367
2019-02-14x509asn1: "Dereference of null pointer"Patrick Monnerat
Detected by scan-build (false positive).
2019-02-14configure: show features as well in the final summaryDaniel Stenberg
Closes #3569
2019-02-14KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10Daniel Stenberg
Closes #2905
2019-02-14KNOWN_BUGS: Deflate error after all content was receivedDaniel Stenberg
Closes #2719
2019-02-14gssapi: fix deprecated header warningsDaniel Stenberg
Heimdal includes on FreeBSD spewed out lots of them. Less so now. Closes #3566
2019-02-14TODO: Upgrade to websocketsDaniel Stenberg
Closes #3523
2019-02-14TODO: cmake test suite improvementsDaniel Stenberg
Closes #3109
2019-02-13curl: "Dereference of null pointer"Patrick Monnerat
Rephrase to satisfy scan-build.
2019-02-13unit1307: require FTP supportMarcel Raad
This test doesn't link without FTP support after fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch unavailable without FTP support. Closes https://github.com/curl/curl/pull/3565
2019-02-13TODO: TFO support on WindowsDaniel Stenberg
Nobody works on this now. Closes #3378
2019-02-13multi: Dereference of null pointerDaniel Stenberg
Mostly a false positive, but this makes the code easier to read anyway. Detected by scan-build. Closes #3563
2019-02-13urlglob: Argument with 'nonnull' attribute passed nullDaniel Stenberg
Detected by scan-build.
2019-02-12schannel: restore some debug output but only for debug buildsJay Satiro
Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy debug output in DEBUGF but omitted a few lines. Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
2019-02-12examples/crawler: Fix the Accept-Encoding settingJay Satiro
- Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default supported encodings. Prior to this change the specific encodings of gzip and deflate were set but there's no guarantee they'd be supported by the user's libcurl.
2019-02-12mime: put the boundary buffer into the curl_mime structDaniel Stenberg
... instead of allocating it separately and point to it. It is fixed-size and always used for each part. Closes #3561
2019-02-12schannel: be quietDaniel Stenberg
Convert numerous infof() calls into debug-build only messages since they are annoyingly verbose for regular applications. Removed a few. Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html Reported-by: Volker Schmid Closes #3552
2019-02-12Curl_resolv: fix a gcc -Werror=maybe-uninitialized warningRomain Geissler
Closes #3562
2019-02-12http2: multi_connchanged() moved from multi.c, only used for h2Daniel Stenberg
Closes #3557
2019-02-12curl: "Function call argument is an uninitialized value"Daniel Stenberg
Follow-up to cac0e4a6ad14b42471eb Detected by scan-build Closes #3560
2019-02-12pretransfer: don't strlen() POSTFIELDS set for GET requestsDaniel Stenberg
... since that data won't be used in the request anyway. Fixes #3548 Reported-by: Renaud Allard Close #3549
2019-02-12multi: remove verbose "Expire in" ... messagesDaniel Stenberg
Reported-by: James Brown Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html Closes #3558
2019-02-12mbedtls: make it build even if MBEDTLS_VERSION_C isn't setDaniel Stenberg
Reported-by: MAntoniak on github Fixes #3553 Closes #3556
2019-02-12non-ascii.c: fix typos in commentsDaniel Gustafsson
Fix two occurrences of s/convers/converts/ spotted while reading code.
2019-02-12fnmatch: disable if FTP is disabledDaniel Stenberg
Closes #3551
2019-02-12curl_path: only enabled for SSH buildsDaniel Stenberg
2019-02-11tests: add stderr comparison to the test suiteFrank Gevaerts
The code is more or less copied from the stdout comparison code, maybe some better reuse is possible. test 1457 is adjusted to make the output actually match (by using --silent) test 506 used <stderr> without actually needing it, so that <stderr> block is removed Closes #3536