Age | Commit message (Collapse) | Author |
|
Closes #2570
|
|
|
|
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2569
|
|
Fixes gcc-8 picky compiler warnings
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2568
|
|
|
|
|
|
When there's an upload in progress, make sure to wait for the socket to
become writable.
Detected-by: steini2000 on github
Bug: #2520
Closes #2567
|
|
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.
Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
|
|
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
|
|
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.
New test 1155 checks that cookie names are not reserved words.
Reported-By: anshnd at github
Fixes #2564
Closes #2566
|
|
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
|
|
Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would
index the array with -1 if neither index was a socket.
|
|
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.
Closes #2512
|
|
follow-up to e66cca046cef
|
|
... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.
closes #2547
|
|
Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.
Bug: #2520
Closes #2549
|
|
It triggers an assert.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546
|
|
ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to
represent, but 'int' only has 32 bits [-Wshift-overflow=]
'len' will never be that big anyway so I converted the run-time check to
a regular assert.
|
|
Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the
changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of
the problem that strcpy_url() was modified unilaterally without also
modifying strlen_url(). As a consequence strcpy_url() was again
depending on ASCII encoding.
This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.
Closes #2535
|
|
... as it defines it (too)
|
|
Closes https://github.com/curl/curl/pull/2542
|
|
Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
so remove as it's not part of the published API.
Closes https://github.com/curl/curl/pull/2537
|
|
This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.
Closes #2532
|
|
This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.
Reported-by: Dario Weisser
Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
Closes #2536
|
|
Follow-up to 1514c44655e12e: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
Closes #2534
|
|
WolfSSL doesn't enable it by default anymore
|
|
The jar should be written iff there are cookies, so ensure that we still
have cookies after expiration to avoid creating an empty file.
Closes #2529
|
|
OSS-Fuzz detected
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000
Broke in dd7521bcc1b7
|
|
Coverity detected, CID 1435120
Closes #2527
|
|
With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic
character classification macros and functions were introduced in
curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on
non-ASCII, e.g. EBCDIC platforms. This change restores the previous set
of character classification macros when CURL_DOES_CONVERSIONS is
defined.
Closes #2494
|
|
Fixes FTP wildcard parsing when done over a number of read buffers.
Regression from f786d1f14
Reported-by: wncboy on github
Fixes #2445
Closes #2526
|
|
This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934.
Caused fuzzer problems on travis not seen when this was a PR!
|
|
Avoids undefined behavior.
Reported-by: Geeknik Labs
|
|
Fixes FTP wildcard parsing when doing over a number of read buffers.
Regression from f786d1f14
Reported-by: wncboy on github
Fixes #2445
Closes #2519
|
|
... to make them better spell out what they're for.
|
|
Closes #2499
|
|
Fuzzing has proven we can reach code in on_frame_recv with status_code
not having been set, so let's detect that in run-time (instead of with
assert) and error error accordingly.
(This should no longer happen with the latest nghttp2)
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
Closes #2514
|
|
- Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't
support the latter.
Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668
Closes https://github.com/curl/curl/pull/2504
|
|
This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9.
Unfortunately this fix introduces memory leaks I've not been able to fix
in several days. Reverting this for now to get the leaks fixed.
|
|
When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.
Reported-by: Terry Wu
Fixes #2416
Fixes #1618
Closes #2510
|
|
This fixes the notorious "httpc->drain_total >= data->state.drain"
assert.
Reported-by: Anders Bakken
Fixes #1680
Closes #2509
|
|
It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.
Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.
Detected by OSS-Fuzz
Closes #2513
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
|
|
Curl_cert_hostcheck operates with the host character set, therefore the
ASCII subjectAltName string retrieved with OpenSSL must be converted to
the host encoding before comparison.
Closes #2493
|
|
- Support handling verbose-mode trace messages of type
SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
SSL3_MT_MESSAGE_HASH
Reported-by: iz8mbw@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/2403
|
|
Regression from f786d1f14
Reported-by: wncboy on github
Fixes #2445
Closes #2508
|
|
|
|
This triggered an assert if called more than once in debug mode (and a
memory leak if not debug build). With the right sequence of HTTP/2
headers incoming it can happen.
Detected by OSS-Fuzz
Closes #2507
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
|
|
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
|
|
- Fix warning 'integer from pointer without a cast' on 3rd arg in
CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
type of the same size.
Follow-up to e35b025.
Caught by Marc's CI builds.
|
|
Users can now specify a client certificate in system certificates store
explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`
Closes #2376
|