Age | Commit message (Collapse) | Author |
|
- If the size of the length type (curl_off_t) is greater than the size
of the size_t type then check before allocating memory to make sure the
value of length will fit in a size_t without overflow. If it doesn't
then return CURLE_BAD_FUNCTION_ARGUMENT.
Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
Reported-by: Steve Holme
|
|
Closes #546
|
|
|
|
- set the correct stream_id for pushed streams
- init maxdownload and size properly
|
|
give the new stream the old one's stream_weight internally to avoid
sending a PRIORITY frame unless asked for it
|
|
Fixes warnings 78c25c854a added.
|
|
IoctlSocket() apparently wants a pointer to a long, passed as a char *
in its third parameter. This bug was introduced already back in commit
c5fdeef41d from October 1 2001!
Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
Reported-by: Norbert Kett
|
|
|
|
The RTSP code path didn't skip adding the if-modified-since for certain
RTSP code paths, even if CURLOPT_TIMECONDITION was set to
CURL_TIMECOND_NONE.
Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
CURL_TIMECOND_IFMODSINCE.
Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
|
|
It would previously be skipped if an existing error was returned, but
would lead to a previous value being left there and later used.
CURLINFO_TOTAL_TIME for example.
Still it avoids that final progress update if we reached DONE as the
result of a callback abort to avoid another callback to be called after
an abort-by-callback.
Reported-by: Lukas Ruzicka
Closes #538
|
|
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
|
|
smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
alter its value
smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
unsigned int' may alter its value
smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
unsigned int' may alter its value
|
|
|
|
Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
|
|
|
|
|
|
The push headers are freed after the push callback has been invoked,
meaning this code should only free the headers if the callback was never
invoked and thus the headers weren't freed at that time.
Reported-by: Davey Shafik
|
|
Closes #528
|
|
|
|
|
|
According to RFC7628 a failure message may be sent by the server in a
base64 encoded JSON string as a continuation response.
Currently only implemented for OAUTHBEARER and not XAUTH2.
|
|
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
|
|
Curl_ossl_init calls OPENSSL_load_builtin_modules() but
Curl_ossl_cleanup doesn't make a call to free these modules.
Bug: https://github.com/bagder/curl/issues/526
|
|
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
|
|
|
|
|
|
Simplify by removing #ifdefs and macros
|
|
|
|
We only support >= 0.9.7
|
|
|
|
|
|
Following the fix in commit d6d58dd558 it is necessary to re-introduce
XOAUTH2 in the default enabled authentication mechanism, which was
removed in commit 7b2012f262, otherwise users will have to specify
AUTH=XOAUTH2 in the URL.
Note: OAuth 2.0 will only be used when the bearer is specified.
|
|
|
|
Closes #525
|
|
|
|
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
|
|
Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.
|
|
|
|
In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
|
|
The curl_config.h file can be generated either from curl_config.h.cmake
or curl_config.h.in, depending on whether you're building using CMake or
the autotools. The CMake template header doesn't include entries for
all of the protocols that you can disable, which (I think) means that
you can't actually disable those protocols when building via CMake.
Closes #523
|
|
BoringSSL implements `BIO_get_mem_data` as a function, instead of a
macro, and expects the output pointer to be a `char **`. We have to add
an explicit cast to grab the pointer as a `const char **`.
Closes #524
|
|
We need 1.0.0 or later. Also verified by configure.
|
|
|
|
|
|
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
|
|
The fix in 1a614c6c3 was wrong and would leed to free() of a fixed
string.
Pointed-out-by: Kamil Dudka
|
|
Bug: https://github.com/bagder/curl/issues/486
Closes https://github.com/bagder/curl/pull/487
|
|
|
|
... when it was within a string!
|
|
Closes #517
|