aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2019-07-16curl: only accept COLUMNS less than 10000Daniel Stenberg
... as larger values would rather indicate something silly (and could potentially cause buffer problems). Reported-by: pendrek at hackerone Closes #4114
2019-06-24curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy buildsKoen Dergent
Closes #4061
2019-06-18curl: improved skip-setopt-options when built with disabled featuresDaniel Stenberg
Reduces #ifdefs in src/tool_operate.c Follow-up from 4e86f2fc4e6 Closes #3936
2019-06-10tool_cb_prg: Fix integer overflow in progress barDaniel Gustafsson
Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar width calculation to avoid integer overflow, but failed to account for the fact that initial_size is initialized to -1 when the file size is retrieved from the remote on an upload, causing another signed integer overflow. Fix by separately checking for this case before the width calculation. Closes #3984 Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-06-05build: fix Codacy warningsMarcel Raad
Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975
2019-06-04tool_parsecfg: Use correct return type for GetModuleFileName()Steve Holme
GetModuleFileName() returns a DWORD which is a typedef of an unsigned long and not an int. Closes #3980
2019-06-02tool_parsecfg: Fix control flow issue (DEADCODE)Steve Holme
Follow-up to 8144ba38. Detected by Coverity CID 1445663 Closes #3976
2019-06-02tls13-docs: mention it is only for OpenSSL >= 1.1.1Daniel Stenberg
Reported-by: Jay Satiro Co-authored-by: Jay Satiro Fixes #3938 Closes #3946
2019-05-25Revert all SASL authzid (new feature) commitsJay Satiro
- Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
2019-05-23tool_setopt: for builds with disabled-proxy, skip all proxy setopts()Daniel Stenberg
Reported-by: Marcel Raad Fixes #3926 Closes #3929
2019-05-23tool_parse_cfg: Avoid 2 fopen() for WIN32Gisle Vanem
Using the memdebug.h mem-leak feature, I noticed 2 calls like: FILE tool_parsecfg.c:70 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") FILE tool_parsecfg.c:114 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt") No need for 'fopen(), 'fclose()' and a 'fopen()' yet again.
2019-05-22curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme
2019-05-20curl: report error for "--no-" on non-boolean optionsDaniel Stenberg
Reported-by: Olen Andoni Fixes #3906 Closes #3907
2019-05-20tool_formparse: remove redundant assignmentMarcel Raad
Just initialize word_begin with the correct value. Closes https://github.com/curl/curl/pull/3873
2019-05-18curl: make code work with protocol-disabled libcurlDaniel Stenberg
Closes #3844
2019-05-16cleanup: remove FIXME and TODO commentsDaniel Stenberg
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
2019-05-16curl: don't set FTP options for FTP-disabled buildsDaniel Stenberg
... since libcurl has started to be totally unaware of options for disabled protocols they now return error. Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937 Reported-by: Marcel Raad Closes #3886
2019-04-16tool_help: Warn if curl and libcurl versions do not matchJay Satiro
.. because functionality may be affected if the versions differ. This commit implements TODO 18.7 "warning if curl version is not in sync with libcurl version". Ref: https://github.com/curl/curl/blob/curl-7_64_1/docs/TODO#L1028-L1033 Closes https://github.com/curl/curl/pull/3774
2019-04-11build: fix Codacy/CppCheck warningsMarcel Raad
- remove unused variables - declare conditionally used variables conditionally - suppress unused variable warnings in the CMake tests - remove dead variable stores - consistently use WIN32 macro to detect Windows Closes https://github.com/curl/curl/pull/3739
2019-04-02tool_cb_wrt: fix bad-function-cast warningMarcel Raad
Commit f5bc578f4cdfdc6c708211dfc2962a0e9d79352d reintroduced the warning fixed in commit 2f5f31bb57d68b54e03bffcd9648aece1fe564f8. Extend fhnd's scope and reuse that variable instead of calling _get_osfhandle a second time to fix the warning again. Closes https://github.com/curl/curl/pull/3718
2019-04-01tool_help: include <strings.h> for strcasecmpDaniel Stenberg
Reported-by: Wyatt O'Day Fixes #3715 Closes #3716
2019-03-26tool_cb_wrt: fix writing to Windows null device NULJay Satiro
- Improve console detection. Prior to this change WriteConsole could be called to write to a handle that may not be a console, which would cause an error. This issue is limited to character devices that are not also consoles such as the null device NUL. Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724 Reported-by: Gisle Vanem
2019-03-15tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattrChris Young
2019-03-15tool_operate: build on AmigaOSChris Young
2019-03-14makefile: make checksrc and hugefile commands "silent"Daniel Stenberg
... to match the style already used for compiling, linking etc. Acknowledges 'make V=1' to enable verbose. Closes #3681
2019-03-14curl.1: mark the argument to --cookie as <data|filename>Daniel Stenberg
From a discussion in #3676 Suggested-by: Tim Rühsen Closes #3682
2019-03-08memdebug: make debug-specific functions use curl_dbg_ prefixDaniel Stenberg
To not "collide" or use up the regular curl_ name space. Also makes them easier to detect in helper scripts. Closes #3656
2019-03-03alt-svc: the curl command line bitsDaniel Stenberg
2019-03-03alt-svc: the libcurl bitsDaniel Stenberg
2019-02-27curl: display --version features sorted alphabeticallyDaniel Stenberg
Closes #3611
2019-02-20curl: remove MANUAL from -M outputDaniel Stenberg
... and remove it from the dist tarball. It has served its time, it barely gets updated anymore and "everything curl" is now convering all this document once tried to include, and does it more and better. In the compressed scenario, this removes ~15K data from the binary, which is 25% of the -M output. It remains in the git repo for now for as long as the web site builds a page using that as source. It renders poorly on the site (especially for mobile users) so its not even good there. Closes #3587
2019-02-19cli tool: fix mime post with --disable-libcurl-option configure optionPatrick Monnerat
Reported-by: Marcel Raad Fixes #3576 Closes #3583
2019-02-16cli tool: refactor encoding conversion sequence for switch case fallthrough.Patrick Monnerat
2019-02-13curl: "Dereference of null pointer"Patrick Monnerat
Rephrase to satisfy scan-build.
2019-02-13urlglob: Argument with 'nonnull' attribute passed nullDaniel Stenberg
Detected by scan-build.
2019-02-12curl: "Function call argument is an uninitialized value"Daniel Stenberg
Follow-up to cac0e4a6ad14b42471eb Detected by scan-build Closes #3560
2019-02-11cli tool: do not use mime.h private structures.Patrick Monnerat
Option -F generates an intermediate representation of the mime structure that is used later to create the libcurl mime structure and generate the --libcurl statements. Reported-by: Daniel Stenberg Fixes #3532 Closes #3546
2019-02-11curl: follow-up to 3f16990ec84Daniel Gustafsson
Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was inadvertently introducing a new bug in the ternary expression. Close #3555 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-11curl: follow-up to b49652ac66cc0Daniel Stenberg
On FreeBSD, return non-zero on error otherwise zero. Reported-by: Marcel Raad
2019-02-11curl: fix FreeBSD compiler warning in the --xattr codeDaniel Stenberg
Closes #3550
2019-02-07tool_operate: fix typecheck warningMarcel Raad
Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning: tool_operate.c: In function 'operate_do': ../include/curl/typecheck-gcc.h:47:9: error: call to '_curl_easy_setopt_err_long' declared with attribute warning: curl_easy_setopt expects a long argument for this option [-Werror] Closes https://github.com/curl/curl/pull/3534
2019-02-01schannel: stop calling it "winssl"Daniel Stenberg
Stick to "Schannel" everywhere. The configure option --with-winssl is kept to allow existing builds to work but --with-schannel is added as an alias. Closes #3504
2019-01-26configure: rewrite --enable-code-coverageDaniel Stenberg
The previously used ax_code_coverage.m4 is not license compatible and must not be used. Reported-by: William A. Rowe Jr Fixes #3497 Closes #3499
2019-01-14src/Makefile: make 'tidy' target work for metalink buildsDaniel Stenberg
2019-01-11tool_cb_prg: avoid integer overflowDaniel Stenberg
When calculating the progress bar width. Reported-by: Peng Li Fixes #3456 Closes #3458
2019-01-10xattr: strip credentials from any URL that is storedDaniel Stenberg
Both user and password are cleared uncondtitionally. Added unit test 1621 to verify. Fixes #3423 Closes #3433
2019-01-04printf: fix format specifiersRikard Falkeborn
Closes #3426
2019-01-01tvnow: silence conversion warningsMarcel Raad
MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is used and the milliseconds are represented as unsigned long long, leading to a compiler warning when implicitly converting them to long.
2018-12-21http: added options for allowing HTTP/0.9 responsesDaniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-12-19curl -J: do not append to the destination fileDaniel Stenberg
Reported-by: Kamil Dudka Fixes #3380 Closes #3381