| Age | Commit message (Collapse) | Author |
|---|
|
The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().
Closes #3005
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
|
|
ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.
Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
... so that they can clear the original pointer on failure, which makes
the error-paths and their cleanups easier.
Closes #2992
|
|
|
|
|
|
Closes #2989
|
|
Fixes #2983
Closes #2988
|
|
The failf() macro is the name used for invoking Curl_failf(). While
there isn't a way to turn off failf like there is for infof, but it's
still a good idea to use the macro.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Strings broken on multiple rows in the .c file need to have appropriate
whitespace padding on either side of the concatenation point to render
a correct amalgamated string. Fix by adding a space at the occurrences
found.
Closes #2986
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
The FTP command allocated by aprintf() must be freed after usage.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
the actual command to be sent from the send buffer in a refactoring.
Add back copying the command into the buffer. Also add more guards
against malformed input while at it.
Closes #2985
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
When erroring out on a request being too large, the existing buffer was
leaked. Fix by explicitly freeing on the way out.
Closes #2966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #2984
|
|
|
|
Closes https://github.com/curl/curl/pull/2979
|
|
- Use memcpy instead of strncpy to copy a string without termination,
since gcc8 warns about using strncpy to copy as many bytes from a
string as its length.
Suggested-by: Viktor Szakats
Closes https://github.com/curl/curl/issues/2980
|
|
Rather than jumping backwards to where failure cleanup happens
to be performed, move the failure case to end of the function
where it is expected per existing coding convention.
Closes #2965
|
|
Closes #2963
|
|
If the formatting fails, we error out on a fatal error and
clean up on the way out. The array was however freed within
the wrong scope and was thus never freed in case the cookies
were written to a file instead of STDOUT.
Closes #2957
|
|
Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.
closes #2962
|
|
Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.
Reported-by: Harry Sintonen
Closes #2959
|
|
Closes #2960
|
|
Coverity CID 1439134
|
|
See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.
Closes #2842
|
|
... including the associated option.
Fixes #2951
Closes #2952
|
|
Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.
Add docs for the new options in 7.62.0
Closes #1641
|
|
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.
Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.
Fixes #2724
Closes #2791
|
|
The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
Coverity CID 1439115 and CID 1439114.
|
|
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
mingw and would require an ifdef otherwise.
Reported-by: Thomas Glanzmann
Approved-by: Marc Hörsken
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
Closes #2950
|
|
... and add "MAILINDEX".
As described in #2789, this is a suggested solution. Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior). So MAILINDEX=1 gives the
first non deleted mail in the mail box.
Fixes #2789
Closes #2815
|
|
This is step 3 of #2888.
Fixes #2888
Closes #2896
|
|
|
|
Closes #2668
|
|
Long live CURLE_PEER_FAILED_VERIFICATION
|
|
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.
|
|
Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
|
|
Closes #2901
|
|
Closes #2901
|
|
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
deprecation and complete removal in six months.
Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
Closes #2942
|
|
Closes #2709
|
|
Starting 7.62.0, multiplexing is enabled by default in multi handles.
|
|
Approved-by: Daniel Gustafsson
Closes #2937
|
|
Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.
To re-enable the support, the single line change in lib/multi.c needs to
be reverted.
See docs/DEPRECATE.md
Closes #2705
|
|
Since scan-build would warn on the dead "Dead store/Dead increment"
|
|
|
|
Fixes #2939
Closes #2940
|
|
This is a follow-up to PR #2607 and PR #2926.
Closes #2936
|
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka
Closes #2926
|
|
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
|
|
Closes #2928
|
