delta/curl.git/tests/libtest/lib1560.c, branch bagder/https-cookie-secure github.com: bagder/curl.git snprintf: renamed and we now only use msnprintf() 2018-11-23T07:26:51+00:00 Daniel Stenberg daniel@haxx.se 2018-11-22T08:01:24+00:00 dcd6f810255785d52b89150e18460fb0899d4f7e The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297 
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
urlapi: only skip encoding the first '=' with APPENDQUERY set 2018-11-07T07:28:48+00:00 Daniel Stenberg daniel@haxx.se 2018-11-06T22:48:35+00:00 9aa8ff2895df60f2857d26fb3262c231511114a9 APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231 
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.

Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
url: a short host name + port is not a scheme 2018-11-06T18:11:58+00:00 Daniel Stenberg daniel@haxx.se 2018-11-04T22:30:48+00:00 9df8dc101ba03807a3257ba0922fe4dd03c81ed3 The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235 
The function identifying a leading "scheme" part of the URL considered a
few letters ending with a colon to be a scheme, making something like
"short:80" to become an unknown scheme instead of a short host name and
a port number.

Extended test 1560 to verify.

Also fixed test203 to use file_pwd to make it get the correct path on
windows. Removed test 2070 since it was a duplicate of 203.

Assisted-by: Marcel Raad
Reported-by: Hagai Auro
Fixes #3220
Fixes #3233
Closes #3223
Closes #3235
Revert "url: a short host name + port is not a scheme" 2018-11-05T08:24:59+00:00 Daniel Stenberg daniel@haxx.se 2018-11-05T08:24:53+00:00 d9abebc7ee2a4cfde42c790ae97a2d8c6911f3a9 This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2. This commit caused test failures on appveyor/windows. Work on fixing them is in #3235. 
This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.

This commit caused test failures on appveyor/windows. Work on fixing them is
in #3235.
url: a short host name + port is not a scheme 2018-11-03T14:01:27+00:00 Daniel Stenberg daniel@haxx.se 2018-11-02T22:46:01+00:00 226cfa8264cd979eff3fd52c0f3585ef095e7cf2 The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Reported-by: Hagai Auro Fixes #3220 Closes #3223 
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.

Extended test 1560 to verify.

Reported-by: Hagai Auro
Fixes #3220
Closes #3223
URL: fix IPv6 numeral address parser 2018-11-02T23:14:04+00:00 Daniel Stenberg daniel@haxx.se 2018-11-02T14:11:16+00:00 b28094833a971870fd8c07960b3b12bf6fbbaad3 Regression from 46e164069d1a52. Extended test 1560 to verify. Reported-by: tpaukrt on github Fixes #3218 Closes #3219 
Regression from 46e164069d1a52. Extended test 1560 to verify.

Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
Curl_dedotdotify(): always nul terminate returned string. 2018-09-24T05:48:41+00:00 Even Rouault even.rouault@spatialys.com 2018-09-23T12:17:30+00:00 55b51b8c493ee37e1cb4a57255ef38ce595a4186 This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039 
This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516==    by 0x4EBB315: seturl (urlapi.c:801)
==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516==    by 0x4E67AEF: create_conn (url.c:3613)
==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
==24516==    by 0x4E75801: easy_perform (easy.c:779)
==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039
urlapi: fix support for address scope in IPv6 numerical addresses 2018-09-21T09:19:14+00:00 Daniel Stenberg daniel@haxx.se 2018-09-21T06:17:39+00:00 2097cd515289581df5dfb6eeb5942d083a871fa4 Closes #3024 
Closes #3024
urlapi: document the error codes, remove two unused ones 2018-09-19T21:25:11+00:00 Daniel Stenberg daniel@haxx.se 2018-09-19T09:28:40+00:00 5c73093edb3bd527db9c8abdee53d0f18e6a4cc1 Assisted-by: Daniel Gustafsson Closes #3019 
Assisted-by: Daniel Gustafsson
Closes #3019
urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance 2018-09-19T21:21:52+00:00 Daniel Stenberg daniel@haxx.se 2018-09-19T08:17:03+00:00 9307c219ad4741db860b864c860ac2f8bf9fad9d In order for this API to fully work for libcurl itself, it now offers a CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host name prefix just like libcurl always did. If there's no known prefix, it will guess "http://". Separately, it relaxes the check of the host name so that IDN host names can be passed in as well. Both these changes are necessary for libcurl itself to use this API. Assisted-by: Daniel Gustafsson Closes #3018 
In order for this API to fully work for libcurl itself, it now offers a
CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
name prefix just like libcurl always did. If there's no known prefix, it
will guess "http://".

Separately, it relaxes the check of the host name so that IDN host names
can be passed in as well.

Both these changes are necessary for libcurl itself to use this API.

Assisted-by: Daniel Gustafsson
Closes #3018