Age | Commit message | Author |
|
Improved estimation of expected_len and updated related comments;
increased strictness of QNAME-encoding, adding error detection for empty
labels and names longer than the overall limit; avoided treating DNAME
as unexpected;
updated unit test 1655 with a more thorough set of proofs and tests
Closes #4598
|
|
This is the common pattern used in the code and by a unified approach we
avoid mistakes.
Closes #4534
|
|
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.
Found through fuzzing.
Closes #4406
|
|
Closes #4406
|
|
Closes #4381
|
|
If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.
Reported-by: Paul Dreik
Closes #4366
|
|
The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4
By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimize it to a single instruction. See
https://godbolt.org/z/994Zpx
Closes #4350
|
|
Added unit test case 1655 to verify.
Close #4352
the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
|
|
Fixes Codacy/CppCheck warnings.
Closes https://github.com/curl/curl/pull/3872
|
|
|
|
- Inherit SSL options for the doh handle but not SSL client certs,
SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert,
SSL pinned public key, SSL ciphers, SSL id cache setting,
SSL kerberos or SSL gss-api settings.
- Fix inheritance of verbose setting.
- Inherit NOSIGNAL.
There is no way for the user to set options for the doh (DNS-over-HTTPS)
handles and instead we inherit some options from the user's easy handle.
My thinking for the SSL options not inherited is they are most likely
not intended by the user for the DOH transfer. I did inherit insecure
because I think that should still be in control of the user.
Prior to this change doh did not work for me because CAINFO was not
inherited. Also verbose was set always which AFAICT was a bug (#3660).
Fixes https://github.com/curl/curl/issues/3660
Closes https://github.com/curl/curl/pull/3661
|
|
Closes #3426
|
|
Reviewed-by: Daniel Gustafsson
Closes #3342
|
|
Reported-by: dtmsecurity at github
Fixes #3325
Closes #3336
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
The function does not return the same value as snprintf() normally does,
so readers may be misled into thinking the code works differently than
it actually does. A different function name makes this easier to detect.
Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
|
|
Closes #3144
|
|
Ideally this will fix the reversed order shown in SPARC tests:
resp 8: Expected 127.0.0.1 got 1.0.0.127
Closes #3091
|
|
Closes #3092
|
|
CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
MinGW.
|
|
The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
of HTTP for use with DoH".
Reported-by: Marcel Raad
Closes #3066
|
|
The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's a minor rearrange to please it.
Coverity CID 1439115 and CID 1439114.
|
|
|
|
Closes #2668
|