Age | Commit message (Collapse) | Author |
|
They're now wrong.
Reported-by: Michael Kaufmann
Closes #2277
|
|
... up to before it may be used for the TIME_T_MAX/MIN logic.
Reported-by: Michael Kaufmann
|
|
Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/commit/1c39128d974666107fc6d9ea15f294036851f224#commitcomment-27246479
|
|
Whenever an expected pattern syntax rule cannot be matched, the
character starting the rule loses its special meaning and the parsing
is resumed:
- backslash at the end of pattern string matches itself.
- Error in [:keyword:] results in set containing :\[dekorwy.
Unit test 1307 updated for this new situation.
Closes #2273
|
|
Also be more tolerant about set pattern syntax.
Update unit test 1307 accordingly.
Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html
|
|
|
|
... instead of doing it unconditionally in debug builds. It cluttered up
the output a little too much.
|
|
|
|
|
|
Closes #2205
|
|
... with the introduction of CURLOPT_TIMEVALUE_LARGE and
CURLINFO_FILETIME_T.
Fixes #2238
Closes #2264
|
|
Bug: https://curl.haxx.se/mail/lib-2018-01/0074.html
Reported-by: Ruurd Beerstra
Fixes #2255
Closes #2272
|
|
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.
Closes #2269
|
|
inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37
Closes #2263
|
|
Closes #2085
|
|
Make curl_getdate() handle dates before 1970 as well (returning negative
values).
Make test 517 test dates for 64 bit time_t.
This fixes bug (3) mentioned in #2238
Closes #2250
|
|
Here is a version that should work with all versions of openssl 0.9.7
through 1.1.0.
Links to the docs:
https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html
https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html
At the very bottom of the 1.1.0 documentation there is a history section
that states, " stack allocated EVP_MD_CTXs are no longer supported."
If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a
simple mapping can be used as described here:
https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes
Closes #2258
|
|
|
|
Closes #1429
|
|
It was once used for some debugging/verifying logic but should never have
ended up in git!
|
|
|
|
Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html
Reported-by: John Hascall
Closes #2257
|
|
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.
Note: this changes behavior slightly, for the sake of reducing mistakes.
Added test 317 and 318 to verify.
Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
|
|
Fixes #2237
Closes #2249
|
|
In case an identity didn't match[0], the state machine would fail in
state SSH_AUTH_AGENT instead of progressing to the next identity in
ssh-agent. As a result, ssh-agent authentication only worked if the
identity required happened to be the first added to ssh-agent.
This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which
stated that the "else" statement was required to prevent getting stuck
in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
interface I couldn't see how this could happen or reproduce it and I
also couldn't find a more detailed description of the problem which
would explain a test case to reproduce the problem this was supposed to
fix.
[0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED
Closes #2248
|
|
Coverity CID 1427646.
|
|
Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is
late OpenSSL version...
Fixes #2246
Closes #2247
Reported-by: jungle-boogie on github
|
|
... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivation.
|
|
.... and avoid advancing the pointer to trigger an out of buffer read.
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond
|
|
1. don't use "ULL" suffix since unsupported in older MSVC
2. use curl_off_t instead of custom long long ifdefs
3. make get_posix_time() not do unaligned data access
Fixes #2211
Closes #2240
Reported-by: Chester Liu
|
|
Follow-up commit to 615edc1f73 which was incomplete.
Assisted-by: Max Dymond
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
|
|
Fixes #2210
Closes #2236
|
|
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
strongly bound to the handle: there is a pointer to the easy handle in
each item of the mime tree and following the parent pointer list
of mime items ends in a dummy part stored within the handle.
Because of this binding, a mime tree cannot be shared between different
easy handles, thus it needs to be cloned upon easy handle duplication.
There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.
New test 654 checks proper mime structure duplication/release.
Add a warning note in curl_mime_data_cb() documentation about sharing
user data between duplicated handles.
Closes #2235
|
|
... and make the max filesize check trigger if the value is too big.
Updates test 178.
Reported-by: Brad Spencer
Fixes #2212
Closes #2223
|
|
Broken since f121575 (precedes 7.56.1).
Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2227
|
|
This also upgrades ILE/RPG bindings with latest setopt options.
Reported-By: jonrumsey on github
Fixes #2230
Closes #2233
|
|
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.
The bug appears to have been born in 0761a51 (precedes 7.49.0).
Closes https://github.com/curl/curl/pull/2231
|
|
Before calling Curl_client_chop_write(), change the owner of connection
to the current Curl_easy handle. This will fix the issue #2217.
Fixes https://github.com/curl/curl/issues/2217
Closes https://github.com/curl/curl/pull/2221
|
|
to increase accuracy for quick transfers
Fixes #2200
Closes #2206
|
|
- Enable execute permission (chmod +x)
- Change interpreter to /usr/bin/env perl
Closes https://github.com/curl/curl/pull/2222
|
|
.. because limits.h presence isn't optional, it's required by C89.
Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
Closes https://github.com/curl/curl/pull/2215
|
|
- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
initialization.
Caught by ASAN.
|
|
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.
Closes #2194
|
|
Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.
Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
|
|
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.
Closes #2068
|
|
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
|
|
scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.
|
|
A scan-build warning.
|
|
This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
out by scan-build!
|
|
... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.
Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html
Closes #2173
|