| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Fixes warning detected by PVS-Studio
Fixes #4374
|
| |
|
|
|
|
| |
Fixes warning detected by PVS-Studio
Fixes #4374
Reported-by: Valerii Zapodovnikov
|
| |
|
|
| |
Closes #4381
|
| |
|
|
|
|
|
| |
CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not
"file:///") to override cURL's default demand that an authority exists.
Closes #4349
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
connection should not be reused.
Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
Reported-by: Sebastian Haglund
Closes #4347
|
| |
|
|
| |
Closes #4380
|
| | |
|
| |
|
|
| |
Closes #4348
|
| |
|
|
| |
Closes #4368
|
| |
|
|
|
|
|
|
|
| |
Follow-up to 9bc44ff64d9081
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17269
Closes #4372
|
| |
|
|
|
|
|
|
|
|
| |
If the :authority pseudo header field doesn't contain an explicit port,
we assume it is valid for the default port, instead of rejecting the
request for all ports.
Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html
Closes #4365
|
| |
|
|
|
|
|
|
|
| |
If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.
Reported-by: Paul Dreik
Closes #4366
|
| |
|
|
|
|
| |
Unclear why this was not detected in the CI.
Follow-up to b7666027296a
|
| |
|
|
|
|
|
|
| |
To avoid reading of uninitialized data.
Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363
|
| |
|
|
|
|
|
|
|
| |
... like we do for other protocols at connect time. This makes "curl -I"
and other things work.
Reported-by: George Liu
Fixes #4358
Closes #4360
|
| |
|
|
|
| |
Follow-up to ffe34b7b59
Closes #4359
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4
By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimizes it to a single instruction. See
https://godbolt.org/z/994Zpx
Closes #4350
|
| |
|
|
|
|
|
|
| |
Added unit test case 1655 to verify.
Close #4352
the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.
|
| | |
|
| | |
|
| |
|
| |
First shot at a CI build on github actions
|
| |
|
|
|
|
|
| |
Assisted-by: Marcel Raad
Assisted-by: Jay Satiro
Closes #4324
|
| |
|
|
|
|
|
|
|
|
| |
This is a protocol violation but apparently there are legacy proprietary
servers doing this.
Added test 336 and 337 to verify.
Reported-by: Philippe Marguinaud
Closes #4339
|
| |
|
|
| |
Closes #4332
|
| |
|
|
|
|
|
|
| |
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.
Closes #4326
|
| |
|
|
|
|
|
|
| |
If FILE or FTP are enabled, since they also use them!
Reported-by: Roland Hieber
Fixes #4325
Closes #4343
|
| |
|
|
|
|
|
| |
... by using a more efficient realloc scheme.
Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control connection!
Regression since 3f5da4e59a556fc (7.65.0)
Reported-by: Zenju on github
Reviewed-by: Jay Satiro
Fixes #4329
Closes #4340
|
| |
|
|
| |
Closes #4338
|
| | |
|
| | |
|
| |
|
|
|
|
| |
... by using the *_LAST define names better.
Closes #4321
|
| |
|
|
|
|
| |
Reported-by: Dagobert Michelsen
Fixes #4328
Closes #4333
|
| |
|
|
|
|
|
|
|
|
| |
Without that modification, the Windows build using the makefiles doesn't
work.
Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
Fixes #4322
Closes #4323
|
| |
|
|
|
|
| |
The file had mixed line endings.
Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Despite ldapp_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
returns PWCHAR (wchar_t *).
We have lots of code that expects ldap_err2string to return char *,
most of it failf used like this:
failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
Closes https://github.com/curl/curl/pull/4272
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The logic could erroneously break the loop too early before all
transfers had been transferred.
Reported-by: Tom van der Woerdt
Fixes #4316
Closes #4317
|
| | |
|
| |
|
|
|
|
|
|
|
| |
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.
Reported-by: Thomas Vegas
Closes #4315
|
| |
|
|
|
|
|
|
| |
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available. Existing code is preserved for older versions of
OpenSSL.
Closes #4304
|
| | |
|
| |
|
|
| |
Closes #4299
|
| | |
|
| |
|
|
|
|
|
| |
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas
Closes #4307
|
| |
|
|
|
|
| |
Reported-by: codesniffer13 on github
Fixes #4302
Closes #4305
|
| |
|
|
|
|
|
| |
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
|
