Age | Commit message (Collapse) | Author |
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka
Closes #2926
|
|
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
|
|
Closes #2928
|
|
Assisted-by: Rikard Falkeborn
Closes #2922
|
|
|
|
According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.
Closes #2524
|
|
As uintptr_t and HANDLE are always the same size, this warning is
harmless. Just silence it using an intermediate uintptr_t variable.
Closes https://github.com/curl/curl/pull/2908
|
|
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
while opening certificate store would be sufficient in this scenario and
less-demanding in sense of required user credentials ( for example,
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
call without any of flags mentioned above ),
2) as 'cert_store_name' is a DWORD, attempt to format its value like a
string ( in "Failed to open cert store" error message ) will throw null
pointer exception
3) adding GetLastError(), in my opinion, will make error message more
useful.
Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
Closes #2909
|
|
Since GOPHER support was added in curl `?' character was automatically
translated to `%09' (`\t').
However, this behaviour does not seems documented in RFC 4266 and for
search selectors it is documented to directly use `%09' in the URL.
Apart that several gopher servers in the current gopherspace have CGI
support where `?' is used as part of the selector and translating it to
`%09' often leads to surprising results.
Closes #2910
|
|
When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
|
|
Closes #2903
|
|
... as no other comments are accepted since 014ed7c22f51463
|
|
This enables level 4 instead of the default level 3, which of the
currently used comments only allows /* FALLTHROUGH */ to silence the
warning.
Closes https://github.com/curl/curl/pull/2747
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
and remove the private SIZE_T_MAX define and use the generic one.
Closes #2902
|
|
... before the stream is started, we have it set to -1.
Fixes #2894
Closes #2898
|
|
To make uploads significantly faster in some circumstances.
Part 2 of #2888
Closes #2892
|
|
Saves 16KB on the easy handle for operations that don't need that
buffer.
Part 1 of #2888
|
|
Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.
Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833
|
|
If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.
Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
|
|
This struct field is never set TRUE in any existing code path. This
change removes the field completely.
Closes #2871
|
|
Might help bug #2688 debugging
Closes #2880
|
|
This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATIC lib must be defined to compile downstream,
thus the config package is the perfect place to do so.
Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov
|
|
Added test 656 (based on test 604) to verify the fix.
Bug: https://bugzilla.redhat.com/1595135
Closes #2879
|
|
The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.
This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).
|
|
Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.
Test 1266 and 1267 added to verify.
Fixes #2420
Closes #2872
|
|
Pointed-out-by: Rikard Falkeborn
Closes https://github.com/curl/curl/pull/2860
|
|
On Windows, casting between unrelated function types is fine and
sometimes even necessary, so just use an intermediate cast to
(void (*) (void)) to silence the warning as described in [0].
[0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
Closes https://github.com/curl/curl/pull/2860
|
|
Adds test 1522 for verification.
Reported-by: cjmsoregan
Fixes #2847
Closes #2864
|
|
Follow-up to 298d2565e
Coverity CID 1438387
|
|
The macro seems to never have been used.
Closes #2852
|
|
Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
Closes #2852
|
|
Its usage was removed in
84ad1fd3047815f9c6e78728bb351b828eac10b1.
Closes #2852
|
|
Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
Closes #2852
|
|
Fixes #2806
Closes #2843
|
|
Somehow I didn't include the amended version of the previous fix. This
is the missing piece.
Pointed-out-by: Viktor Szakats
|
|
Significantly enhances upload performance on modern Windows versions.
Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
Closes #2762
Fixes #2224
|
|
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Acked-by: Nikos Mavrogiannopoulos
Closes #2333
|
|
Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
custom option CURL_STATICLIB.
Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
Reviewed-by: Sergei Nikulov
Closes #2755
|
|
This restores the ability to build a static lib with
--disable-symbol-hiding to keep non-curl_ symbols.
Researched-by: Dan Fandrich
Reported-by: Ran Mozes
Fixes #2830
Closes #2831
|
|
addresses is only used in an infof call, which is a macro expanding to
nothing if CURL_DISABLE_VERBOSE_STRINGS is set.
|
|
Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
doing function too, which requires smb_do() to not mark itself as
done...
Closes #2822
|
|
Closes #2818
|
|
This change fixes a regression where redirect body would needlessly be
decompressed even though it was to be ignored anyway. As it happens this
causes secondary issues since there appears to be a bug in apache2 that
it in certain conditions generates a corrupt zlib response. The
regression was created by commit:
dbcced8e32b50c068ac297106f0502ee200a1ebd
Discovered-by: Harry Sintonen
Closes #2798
|
|
Fixes #2801
Closes #2812
|
|
Reported-by: Andrei Virtosu
Fixes #2800
Closes #2809
|
|
... by making sure connection related data (->share) is stored in the
connection and not in the easy handle.
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Fixes #2769
Closes #2810
|
|
Let's call it disassociate instead of disconnect since the latter term
is used so much for (TCP) connections already.
|
|
Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
Reported-by: Jeffrey Walton
Closes #2795
|
|
RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.
Closes #2784
|