delta/curl.git/lib/dotdot.c, branch bagder/https-proxyu-req-http github.com: bagder/curl.git terminology: call them null-terminated strings 2020-06-27T22:31:24+00:00 Daniel Stenberg daniel@haxx.se 2020-06-25T09:38:25+00:00 032e838b73578e9a5e8d2cf2ca0f5f2097006060 Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608 
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608
copyrights: fix copyright year range 2019-11-08T13:51:42+00:00 Daniel Stenberg daniel@haxx.se 2019-11-02T22:41:43+00:00 0bc60d91de0eda5d1c7ec8033a75980f81a33a59 .. because checksrc's copyright year check stopped working. Ref: https://github.com/curl/curl/pull/4547 Closes https://github.com/curl/curl/pull/4549 
.. because checksrc's copyright year check stopped working.

Ref: https://github.com/curl/curl/pull/4547

Closes https://github.com/curl/curl/pull/4549
Curl_dedotdotify(): always nul terminate returned string. 2018-09-24T05:48:41+00:00 Even Rouault even.rouault@spatialys.com 2018-09-23T12:17:30+00:00 55b51b8c493ee37e1cb4a57255ef38ce595a4186 This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039 
This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516==    by 0x4EBB315: seturl (urlapi.c:801)
==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516==    by 0x4E67AEF: create_conn (url.c:3613)
==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
==24516==    by 0x4E75801: easy_perform (easy.c:779)
==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039
code style: use spaces around pluses 2017-09-11T07:29:50+00:00 Daniel Stenberg daniel@haxx.se 2017-09-09T21:55:08+00:00 e5743f08e7efb387bb39c0dc28f36838ece3bc1e 






code style: use spaces around equals signs
2017-09-11T07:29:50+00:00

Daniel Stenberg
daniel@haxx.se

2017-09-09T21:09:06+00:00

6b84438d9a9220fb75cbaae9d6fe6c3edb6d425e












dedotdot: fixed output for ".." and "." only input
2017-06-02T22:11:51+00:00

Daniel Stenberg
daniel@haxx.se

2017-06-02T15:50:45+00:00

cfd3e8f399c2bb2a7fdc51f01ddc12548b4f3892

Found when updating test 1395, which I did to increase test coverage of
this source file...

Closes #1535





Found when updating test 1395, which I did to increase test coverage of
this source file...

Closes #1535







memdebug: Ensure curl/curl.h is included before curl_memory.h
2016-04-01T12:21:12+00:00

Steve Holme
steven.holme@cubic.com

2016-04-01T12:21:12+00:00

0c331b899985cd9e805b60d2b68001dfdda11559

Follow up to commit 7db9782dd6.





Follow up to commit 7db9782dd6.







URLs: change more http to https
2016-02-04T23:46:54+00:00

Viktor Szakats
vszakats@users.noreply.github.com

2016-02-03T04:09:25+00:00

d49881cb19971c058eca4a41317b6487bf939e5c












URLs: change all http:// URLs to https://
2016-02-02T23:19:02+00:00

Daniel Stenberg
daniel@haxx.se

2016-02-02T23:19:02+00:00

4af40b3646d3b09f68e419f7ca866ff395d1f897












dotdot: allow an empty input string too
2016-02-02T21:43:54+00:00

Daniel Stenberg
daniel@haxx.se

2016-02-02T21:43:54+00:00

41ae9f717a5ccd46de5957da25f7a5a2666f2917

It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.





It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.