Age | Commit message (Collapse) | Author |
|
To avoid reading of uninitialized data.
Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363
|
|
... like we do for other protocols at connect time. This makes "curl -I"
and other things work.
Reported-by: George Liu
Fixes #4358
Closes #4360
|
|
Follow-up to ffe34b7b59
Closes #4359
|
|
The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4
By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimizes it to a single instruction. See
https://godbolt.org/z/994Zpx
Closes #4350
|
|
Added unit test case 1655 to verify.
Close #4352
the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
|
|
This is a protocol violation but apparently there are legacy proprietary
servers doing this.
Added test 336 and 337 to verify.
Reported-by: Philippe Marguinaud
Closes #4339
|
|
Closes #4332
|
|
If FILE or FTP are enabled, since they also use them!
Reported-by: Roland Hieber
Fixes #4325
Closes #4343
|
|
For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control connection!
Regression since 3f5da4e59a556fc (7.65.0)
Reported-by: Zenju on github
Reviewed-by: Jay Satiro
Fixes #4329
Closes #4340
|
|
... by using the *_LAST define names better.
Closes #4321
|
|
Reported-by: Dagobert Michelsen
Fixes #4328
Closes #4333
|
|
Despite ldapp_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
returns PWCHAR (wchar_t *).
We have lots of code that expects ldap_err2string to return char *,
most of it failf used like this:
failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
Closes https://github.com/curl/curl/pull/4272
|
|
|
|
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.
Reported-by: Thomas Vegas
Closes #4315
|
|
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available. Existing code is preserved for older versions of
OpenSSL.
Closes #4304
|
|
|
|
Closes #4299
|
|
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas
Closes #4307
|
|
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
|
|
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
|
|
|
|
Follow-up to f9c7ba9096ec2
Coverity CID 1453474
Closes #4291
|
|
For the 'proto' union within the connectdata struct.
Closes #4290
|
|
Closes #4289
|
|
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
Closes #4287
|
|
... it might otherwise return OK from this function leaving that pointer
uninitialized.
Bug: https://crbug.com/oss-fuzz/16907
Closes #4286
|
|
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.
Bug: https://crbug.com/oss-fuzz/16699
Closes #4283
|
|
... to make sure we continue draining the queue until empty
Closes #4281
|
|
Found-by: Jeremy Lainé
|
|
... to trigger a new read to detect the stream close!
Closes #4275
|
|
Closes #4278
|
|
Closes #4274
|
|
Closes #4270
|
|
It could otherwise return an error even when closed correctly if GOAWAY
had been received previously.
Reported-by: Tom van der Woerdt
Fixes #4267
Closes #4268
|
|
This is a follow-up to https://github.com/curl/curl/pull/3864 .
Closes #4224
|
|
Closes #4265
|
|
Closes #4260
|
|
Closes #4259
|
|
|
|
Assisted-by: Tatsuhiro Tsujikawa
|
|
Fix read off end of array due to bad pointer math in getworkingpath for
SCP home directory case.
Closes #4258
|
|
and remove 'header_recvbuf', not used for anything
Reported-by: Jeremy Lainé
Closes #4257
|
|
Closes #4256
|
|
Follow-up to f9c7ba9096ec
The use of DOT_CHAR for ".ssh" was probably a mistake and is removed
now.
Pointed-out-by: Gisle Vanem
Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638
Closes #4247
|
|
Reported in build "Win32 target on Debian Stretch (64-bit) -
i686-w64-mingw32 - gcc-20170516"
Closes #4245
|
|
Closes #4244
|
|
Closes #4242
|
|
|
|
For a long time (since 7.28.1) we've returned error when setting the
value to 1 to make applications notice that we stopped supported the old
behavior for 1. Starting now, we treat 1 and 2 exactly the same.
Closes #4241
|
|
... but fall back and try "_netrc" too if the dot version didn't work.
Co-Authored-By: Steve Holme
|