summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* fixup correct the range checks for *_RESUME_FROM*bagder/setopt-ms-integer-overflowsDaniel Stenberg2017-10-151-2/+2
|
* fixup mistakes in the range checksDaniel Stenberg2017-10-151-4/+4
|
* setopt: range check most long optionsDaniel Stenberg2017-10-141-36/+151
| | | | | ... filter early instead of risking "funny values" having to be dealt with elsewhere.
* setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg2017-10-144-10/+26
| | | | | | | | | | | ... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code.
* mime: do not call failf() if easy handle is NULL.Patrick Monnerat2017-10-131-1/+2
|
* test651: curl_formadd with huge COPYCONTENTSDaniel Stenberg2017-10-134-2/+172
|
* mime: fix the content reader to handle >16K data properlyDaniel Stenberg2017-10-131-2/+1
| | | | | Reported-by: Jeroen Ooms Closes #1988
* mime: keep "text/plain" content type if user-specified.Patrick Monnerat2017-10-127-27/+35
| | | | | | Include test cases in 554, 587, 650. Fixes https://github.com/curl/curl/issues/1986
* cli tool: use file2memory() to buffer stdin in -F option.Patrick Monnerat2017-10-121-38/+15
| | | | Closes PR https://github.com/curl/curl/pull/1985
* cli tool: reimplement stdin buffering in -F option.Patrick Monnerat2017-10-123-14/+153
| | | | | | | | | | | | If stdin is not a regular file, its content is memory-buffered to enable a possible data "rewind". In all cases, stdin data size is determined before real use to avoid having an unknown part's size. --libcurl generated code is left as an unbuffered stdin fread/fseek callback part with unknown data size. Buffering is not supported in deprecated curl_formadd() API.
* winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2Daniel Stenberg2017-10-121-0/+1
|
* HELP-US: the label "PR-welcome" is now renamed to "help wanted"Daniel Stenberg2017-10-121-3/+3
| | | | following the new github "standard"
* RELEASE-NOTES: synced with 5505df7d2Daniel Stenberg2017-10-111-5/+30
|
* url: Update current connection SSL verify params in setoptArtak Galoyan2017-10-111-0/+30
| | | | | | | | | | | | | | | | Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active connection updates the current connection's (i.e.'connectdata' structure) appropriate ssl_config (and ssl_proxy_config) structures variables, making these options effective for ongoing connection. This functionality was available before and was broken by the following change: "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. Bug: https://github.com/curl/curl/issues/1941 Closes https://github.com/curl/curl/pull/1951
* openssl: don't use old BORINGSSL_YYYYMM macrosDavid Benjamin2017-10-111-3/+2
| | | | | | | | | | | Those were temporary things we'd add and remove for our own convenience long ago. The last few stayed around for too long as an oversight but have since been removed. These days we have a running BORINGSSL_API_VERSION counter which is bumped when we find it convenient, but 2015-11-19 was quite some time ago, so just check OPENSSL_IS_BORINGSSL. Closes #1979
* test950; verify SMTP with custom requestDaniel Stenberg2017-10-102-1/+44
|
* ftpserver: support case insensitive commandsDaniel Stenberg2017-10-101-1/+1
|
* smtp_done: free data before returning (on send failure)Daniel Stenberg2017-10-101-3/+3
| | | | | | | | | | ... as otherwise it could leak that memory. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 Assisted-by: Max Dymond Closes #1977
* FTP: URL decode path for dir listing in nocwd modeDaniel Stenberg2017-10-103-13/+64
| | | | | | | | Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
* test298: verify --ftp-method nowcwd with URL encoded pathDaniel Stenberg2017-10-091-1/+1
| | | | Ref: #1974
* CURLOPT_XFERINFODATA.3: fix duplicate see alsoDaniel Stenberg2017-10-091-2/+2
|
* CURLOPT_NOPROGRESS.3: also refer to xferinfofunctionDaniel Stenberg2017-10-091-5/+5
|
* FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTIONDaniel Stenberg2017-10-091-1/+1
|
* openssl: enable PKCS12 support for !BoringSSLDaniel Stenberg2017-10-093-7/+5
| | | | | | | | | Enable PKCS12 for all non-boringssl builds without relying on configure or cmake checks. Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html Reported-by: Christian Schmitz Closes #1948
* curl: don't pass semicolons when parsing Content-DispositionKristiyan Tsaklev2017-10-092-10/+7
| | | | | | Test 1422 updated to verify. Closes #1964
* mime: properly unbind mime structure in curl_mime_free().Patrick Monnerat2017-10-091-0/+1
| | | | | | | This allows freeing a mime structure bound to the easy handle before curl_easy_cleanup(). Fixes #1970.
* RTSP: avoid integer overflow on funny RTSP responseDaniel Stenberg2017-10-093-3/+60
| | | | | | | | | ... like a very large non-existing RTSP version number. Added test 577 to verify. Detected by OSS-fuzz. Closes #1969
* ftpserver: properly reset $ftptargetdir.Patrick Monnerat2017-10-081-1/+1
|
* test643: verify curl_mime_subparts() rejects cyclic additions.Patrick Monnerat2017-10-081-0/+27
|
* mime: refuse to add subparts to one of their own descendants.Patrick Monnerat2017-10-081-0/+15
| | | | | Reported-by: Alexey Melnichuk Fixes #1962
* mime: avoid resetting a part's encoder when part's contents change.Patrick Monnerat2017-10-081-1/+0
|
* mime: improve unbinding top multipart from easy handle.Patrick Monnerat2017-10-083-13/+45
| | | | Also avoid dangling pointers in referencing parts.
* RELEASE-NOTES: synced with a4c1c75da30af1Daniel Stenberg2017-10-081-177/+36
|
* curlver.h: next expected release is 7.57.0Daniel Stenberg2017-10-081-3/+3
|
* mime: be tolerant about setting twice the same header list in a part.Patrick Monnerat2017-10-081-1/+2
|
* docs: clarify form/mime usage of non-regular data files.Patrick Monnerat2017-10-083-5/+12
|
* Revert "multi_done: wait for name resolve to finish if still ongoing"Daniel Stenberg2017-10-082-6/+2
| | | | | | | | | This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. Caused memory leaks in the fuzzer, needs to be done differently. Disable test 1553 for now too, as it causes memory leaks without this commit!
* remove_handle: call multi_done() first, then clear dns cache pointerDaniel Stenberg2017-10-071-6/+7
| | | | Closes #1960
* multi_done: wait for name resolve to finish if still ongoingDaniel Stenberg2017-10-071-0/+6
| | | | ... as we must clean up memory.
* pingpong: return error when trying to send without connectionDaniel Stenberg2017-10-075-4/+175
| | | | | | | | | | | | | When imap_done() got called before a connection is setup, it would try to "finish up" and dereffed a NULL pointer. Test case 1553 managed to reproduce. I had to actually use a host name to try to resolve to slow it down, as using the normal local server IP will make libcurl get a connection in the first curl_multi_perform() loop and then the bug doesn't trigger. Fixes #1953 Assisted-by: Max Dymond
* tests: added flaky keyword to tests 587 and 644Dan Fandrich2017-10-062-0/+2
| | | | These are around 5% flaky in my Linux x86 autobuilds.
* vtls: fix warnings with --disable-crypto-authMarcel Raad2017-10-061-0/+4
| | | | | When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters are not used.
* multi_cleanup: call DONE on handles that never got thatDaniel Stenberg2017-10-065-20/+171
| | | | | | | | | | | ... fixes a memory leak with at least IMAP when remove_handle is never called and the transfer is abruptly just abandoned early. Test 1552 added to verify Detected by OSS-fuzz Assisted-by: Max Dymond Closes #1954
* strtoofft: Remove extraneous null checkBenbuck Nason2017-10-061-1/+4
| | | | | | | Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' argument. Closes #1952
* openssl: fix build without HAVE_OPAQUE_EVP_PKEYDaniel Stenberg2017-10-061-1/+1
| | | | | | Reported-by: Javier Sixto Fixes #1955 Closes #1956
* lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSSViktor Szakats2017-10-061-2/+0
| | | | | | | | | | | | | | | | | The source code is now prepared to handle the case when both Win32 Crypto and OpenSSL/NSS crypto backends are enabled at the same time, making it now possible to enable `USE_WIN32_CRYPTO` whenever the targeted Windows version supports it. Since this matches the minimum Windows version supported by curl (Windows 2000), enable it unconditionally for the Win32 platform. This in turn enables SMB (and SMBS) protocol support whenever Win32 Crypto is available, regardless of what other crypto backends are enabled. Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 Closes https://github.com/curl/curl/pull/1943
* build: fix --disable-crypto-authDaniel Stenberg2017-10-052-1/+11
| | | | | | Reported-by: Wyatt O'Day Fixes #1945 Closes #1947
* darwinssl: add support for TLSv1.3Nick Zitzmann2017-10-052-12/+83
| | | | Closes https://github.com/curl/curl/pull/1794
* docs: fix typo in curl_mime_data_cb man pageFelix Kaiser2017-10-041-1/+1
| | | | Closes #1946
* lib/Makefile.m32: allow customizing dll suffixesViktor Szakats2017-10-041-2/+6
| | | | | | | | | | | | | | - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated libcurl dll name. Useful to add `-x64` to 64-bit builds so that it can live in the same directory as the 32-bit one. By default this is empty. - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the generated import library (implib) for libcurl .dll. It defaults to `dll`, and it's useful to modify that to `.dll` to have the standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. Closes https://github.com/curl/curl/pull/1942
View Lorry Controller Status