Age | Commit message (Collapse) | Author |
|
One can still use CA certificates stored in NSS database.
Reported-by: Maxime Legros
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
Closes #3016
|
|
In the CURLUPART_URL case, there is no codepath which invokes url
decoding so remove the assignment of the urldecode variable. This
fixes the deadstore bug-report from clang static analysis.
Closes #3015
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
TODO item 1.1 was implemented in commit 946ce5b61f, update reference
to it with instead referencing the implemented option.
Closes #3013
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
User must have OpenSSL installed even if not used by libcurl at all
since 7.61.1 release. Broken at
7867aaa9a01decf93711428462335be8cef70212
Reviewed-by: Sergei Nikulov
Closes #3001
|
|
.... since getsock may update the expiry timer.
Fixes #2996
Closes #3000
|
|
Closes #3004
|
|
The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().
Closes #3005
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
|
|
Make sure to not overwrite the reallocated pointer in realloc() calls
to avoid a memleak on memory errors.
|
|
ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.
Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #2994
|
|
... so that they can clear the original pointer on failure, which makes
the error-paths and their cleanups easier.
Closes #2992
|
|
|
|
Closes #2998
|
|
|
|
Closes #2989
|
|
Fixes #2983
Closes #2988
|
|
The failf() macro is the name used for invoking Curl_failf(). While
there isn't a way to turn off failf like there is for infof, but it's
still a good idea to use the macro.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Strings broken on multiple rows in the .c file need to have appropriate
whitespace padding on either side of the concatenation point to render
a correct amalgamated string. Fix by adding a space at the occurrences
found.
Closes #2986
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
The FTP command allocated by aprintf() must be freed after usage.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
the actual command to be sent from the send buffer in a refactoring.
Add back copying the command into the buffer. Also add more guards
against malformed input while at it.
Closes #2985
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
When erroring out on a request being too large, the existing buffer was
leaked. Fix by explicitly freeing on the way out.
Closes #2966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
Closes #2984
|
|
|
|
This yields
"the scheme is %s\n"
instead of
"the scheme is %s0
Closes #2970
|
|
|
|
to help user understand what the problem is
Reported-by: Daniel Shahaf
Fixes #2763
Closes #2977
|
|
The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.
Better use full 2048 also for testing.
Closes #2973
|
|
Closes #2968
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
On Windows, the read function from <io.h> is used, which has its byte
count parameter as unsigned int instead of size_t.
Closes https://github.com/curl/curl/pull/2972
|
|
Closes https://github.com/curl/curl/pull/2979
|
|
- Use memcpy instead of strncpy to copy a string without termination,
since gcc8 warns about using strncpy to copy as many bytes from a
string as its length.
Suggested-by: Viktor Szakats
Closes https://github.com/curl/curl/issues/2980
|
|
Closes #2967
|
|
This example is simply not working correctly but there's nobody around
with the skills and energy to fix it.
Closes #2407
|
|
... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
Closes #2955
|
|
Closes #2948
|
|
Rather than jumping backwards to where failure cleanup happens
to be performed, move the failure case to end of the function
where it is expected per existing coding convention.
Closes #2965
|
|
Closes #2963
|
|
If the formatting fails, we error out on a fatal error and
clean up on the way out. The array was however freed within
the wrong scope and was thus never freed in case the cookies
were written to a file instead of STDOUT.
Closes #2957
|
|
Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.
closes #2962
|
|
Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.
Reported-by: Harry Sintonen
Closes #2959
|
|
Closes #2960
|
|
Coverity CID 1439134
|
|
|
|
The expected error code is now 60. 51 is dead.
|
|
|
|
|
|
See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.
Closes #2842
|