Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-09-10 | sspi: fix memory leaks | migueljcrum | |
Closes #4299 | |||
2019-09-09 | Curl_fillreadbuffer: avoid double-free trailer buf on error | Daniel Stenberg | |
Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307 | |||
2019-09-09 | security:read_data fix bad realloc() | Daniel Stenberg | |
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html | |||
2019-09-09 | tftp: Alloc maximum blksize, and use default unless OACK is received | Thomas Vegas | |
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 | |||
2019-09-09 | tftp: return error when packet is too small for options | Thomas Vegas | |
2019-09-03 | netrc: free 'home' on error | Daniel Stenberg | |
Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291 | |||
2019-09-03 | urldata: avoid 'generic', use dedicated pointers | Daniel Stenberg | |
For the 'proto' union within the connectdata struct. Closes #4290 | |||
2019-09-03 | cleanup: move functions out of url.c and make them static | Daniel Stenberg | |
Closes #4289 | |||
2019-09-03 | smtp: check for and bail out on too short EHLO response | Daniel Stenberg | |
Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287 | |||
2019-09-02 | smb: init *msg to NULL in smb_send_and_recv() | Daniel Stenberg | |
... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286 | |||
2019-08-31 | Curl_addr2string: take an addrlen argument too | Daniel Stenberg | |
This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283 | |||
2019-08-30 | quiche: expire when poll returned data | Daniel Stenberg | |
... to make sure we continue draining the queue until empty Closes #4281 | |||
2019-08-30 | quiche: decrease available buffer size, don't assign it! | Daniel Stenberg | |
Found-by: Jeremy Lainé | |||
2019-08-29 | ngtcp2: on h3 stream close, call expire | Daniel Stenberg | |
... to trigger a new read to detect the stream close! Closes #4275 | |||
2019-08-29 | ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl | Tatsuhiro Tsujikawa | |
Closes #4278 | |||
2019-08-28 | ngtcp2: set flow control window to stream buffer size | Daniel Stenberg | |
Closes #4274 | |||
2019-08-27 | ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl | Tatsuhiro Tsujikawa | |
Closes #4270 | |||
2019-08-26 | http2: when marked for closure and wanted to close == OK | Daniel Stenberg | |
It could otherwise return an error even when closed correctly if GOAWAY had been received previously. Reported-by: Tom van der Woerdt Fixes #4267 Closes #4268 | |||
2019-08-26 | vauth: return CURLE_AUTH_ERROR on gss_init_sec_context() failure | Kamil Dudka | |
This is a follow-up to https://github.com/curl/curl/pull/3864 . Closes #4224 | |||
2019-08-26 | quiche: send the HTTP body correctly on callback uploads | Daniel Stenberg | |
Closes #4265 | |||
2019-08-25 | ngtcp2: add support for SSLKEYLOGFILE | Daniel Stenberg | |
Closes #4260 | |||
2019-08-25 | ngtcp2: improve h3 response receiving | Daniel Stenberg | |
Closes #4259 | |||
2019-08-25 | ngtcp2: use nghttp3_version() | Daniel Stenberg | |
2019-08-25 | ngtcp2: sync with upstream API changes | Daniel Stenberg | |
Assisted-by: Tatsuhiro Tsujikawa | |||
2019-08-24 | scp: fix directory name length used in memcpy | Kyle Abramowitz | |
Fix read off end of array due to bad pointer math in getworkingpath for SCP home directory case. Closes #4258 | |||
2019-08-24 | http: the 'closed' struct field is used by both ngh2 and ngh3 | Daniel Stenberg | |
and remove 'header_recvbuf', not used for anything Reported-by: Jeremy Lainé Closes #4257 | |||
2019-08-23 | ngtcp2: accept upload via callback | Daniel Stenberg | |
Closes #4256 | |||
2019-08-20 | cleanup: remove DOT_CHAR completely | Daniel Stenberg | |
Follow-up to f9c7ba9096ec The use of DOT_CHAR for ".ssh" was probably a mistake and is removed now. Pointed-out-by: Gisle Vanem Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 Closes #4247 | |||
2019-08-20 | spnego_sspi: add typecast to fix build warning | Daniel Stenberg | |
Reported in build "Win32 target on Debian Stretch (64-bit) - i686-w64-mingw32 - gcc-20170516" Closes #4245 | |||
2019-08-20 | openssl: build warning free with boringssl | Daniel Stenberg | |
Closes #4244 | |||
2019-08-20 | ngtcp2: make postfields-set posts work | Daniel Stenberg | |
Closes #4242 | |||
2019-08-20 | http: remove chunked-encoding and expect header use for HTTP/3 | Daniel Stenberg | |
2019-08-20 | CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 | Daniel Stenberg | |
For a long time (since 7.28.1) we've returned error when setting the value to 1 to make applications notice that we stopped supported the old behavior for 1. Starting now, we treat 1 and 2 exactly the same. Closes #4241 | |||
2019-08-20 | netrc: make the code try ".netrc" on Windows as well | Daniel Stenberg | |
... but fall back and try "_netrc" too if the dot version didn't work. Co-Authored-By: Steve Holme | |||
2019-08-20 | ngtcp2: use ngtcp2_version() to get the run-time version | Daniel Stenberg | |
... which of course doesn't have to be the same used at build-time. Function just recently merged in ngtcp2. | |||
2019-08-20 | ngtcp2: move the h3 initing to immediately after the rx key | Daniel Stenberg | |
To fix a segfault and to better deal with 0-RTT Assisted-by: Tatsuhiro Tsujikawa | |||
2019-08-17 | quiche: register debug callback once and earlier | Alessandro Ghedini | |
The quiche debug callback is global and can only be initialized once, so make sure we don't do it multiple times (e.g. if multiple requests are executed). In addition this initializes the callback before the connection is created, so we get logs for the handshake as well. Closes #4236 | |||
2019-08-17 | ssh: add a generic Curl_ssh_version function for SSH backends | Daniel Stenberg | |
Closes #4235 | |||
2019-08-17 | base64: check for SSH, not specific SSH backends | Daniel Stenberg | |
2019-08-17 | vssh: move ssh init/cleanup functions into backend code | Daniel Stenberg | |
2019-08-17 | vssh: create directory for SSH backend code | Daniel Stenberg | |
2019-08-16 | http: fix use of credentials from URL when using HTTP proxy | Daniel Stenberg | |
When a username and password are provided in the URL, they were wrongly removed from the stored URL so that subsequent uses of the same URL wouldn't find the crendentials. This made doing HTTP auth with multiple connections (like Digest) mishave. Regression from 46e164069d1a5230 (7.62.0) Test case 335 added to verify. Reported-by: Mike Crowe Fixes #4228 Closes #4229 | |||
2019-08-15 | ngtcp2: provide the callbacks as a static struct | Daniel Stenberg | |
... instead of having them in quicsocket | |||
2019-08-15 | ngtcp2: add missing nghttp3_conn_add_write_offset call | Tatsuhiro Tsujikawa | |
Closes #4225 | |||
2019-08-15 | ngtcp2: deal with stream close | Tatsuhiro Tsujikawa | |
2019-08-15 | ngtcp2: Consume QUIC STREAM data properly | Tatsuhiro Tsujikawa | |
2019-08-15 | ngtcp2: don't reinitialize SSL on Retry | Tatsuhiro Tsujikawa | |
2019-08-14 | multi: getsock improvements for QUIC connecting | Daniel Stenberg | |
2019-08-14 | connect: connections are persistent by default for HTTP/3 | Daniel Stenberg | |
2019-08-14 | quiche: happy eyeballs | Daniel Stenberg | |
Closes #4220 |