Commit message

Closes #4383
Closes #4382
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.
Reported-by: Paul Dreik
Closes #4386
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.
hostname[hlen] will then cause a warning by ubsanitizer:
runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>
I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".
This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)
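#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(void) {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);
  hlen-=2; /* 1 - 2 wraps around to the maximum size_t value */
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}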
I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.
Closes #4389
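
The length check the commit message above calls for, as an added example that is not curl's code: bracketed_host() and unguarded_len() are hypothetical names, and the sample inputs are constructed. It tests the length before subtracting, so "[" is rejected instead of wrapping.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum host_rc { HOST_OK = 0, HOST_BAD_FORMAT = 1 };

/* Hypothetical helper (not curl's code): validate a bracketed host
   literal such as "[::1]" and report the span inside the brackets. */
static enum host_rc bracketed_host(const char *hostname,
                                   const char **addr, size_t *addrlen)
{
  size_t hlen = strlen(hostname);

  /* Both brackets must be present. Checking hlen before subtracting is
     what keeps hlen - 2 from wrapping to the maximum size_t value. */
  if(hlen < 2 || hostname[0] != '[' || hostname[hlen - 1] != ']')
    return HOST_BAD_FORMAT;

  hlen -= 2;                 /* safe: hlen >= 2 was established above */
  if(hlen == 0)
    return HOST_BAD_FORMAT;  /* "[]" carries no address */
  *addr = hostname + 1;
  *addrlen = hlen;
  return HOST_OK;
}

/* The unguarded arithmetic, isolated so the wrapped value can be
   inspected without indexing any buffer. */
static size_t unguarded_len(const char *hostname)
{
  size_t hlen = strlen(hostname);
  hlen -= 2;                 /* wraps for inputs shorter than 2 bytes */
  return hlen;
}

int main(void)
{
  const char *addr = NULL;
  size_t len = 0;

  /* constructed sample inputs */
  printf("unguarded \"[\": %zu\n", unguarded_len("["));
  printf("guarded \"[\": %d\n", bracketed_host("[", &addr, &len));
  if(bracketed_host("[::1]", &addr, &len) == HOST_OK)
    printf("guarded \"[::1]\": %.*s\n", (int)len, addr);
  return 0;
}
```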
Closes #4392
... as the boringssl builds need a very recent version
Co-authored-by: Jat Satiro
Closes #4361
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes bug detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
... both !result and (ftp->transfer != FTPTRANSFER_BODY)!
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Fixes warning detected by PVS-Studio
Fixes #4374
Reported-by: Valerii Zapodovnikov
Closes #4381
CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not
"file:///") to override cURL's default demand that an authority exists.
Closes #4349
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.
Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund
Closes #4347
Closes #4380
Closes #4348
Closes #4368
Follow-up to 9bc44ff64d9081
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17269
Closes #4372
If the :authority pseudo header field doesn't contain an explicit port,
we assume it is valid for the default port, instead of rejecting the
request for all ports.
Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html
Closes #4365
If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.
Reported-by: Paul Dreik
Closes #4366
Unclear why this was not detected in the CI.
Follow-up to b7666027296a
To avoid reading of uninitialized data.
Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363
... like we do for other protocols at connect time. This makes "curl -I"
and other things work.
Reported-by: George Liu
Fixes #4358
Closes #4360
Follow-up to ffe34b7b59
Closes #4359
The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4
By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimize it to a single instruction. See
https://godbolt.org/z/994Zpx
Closes #4350
Added unit test case 1655 to verify.
Close #4352
the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
First shot at a CI build on github actions