delta/curl.git - github.com: bagder/curl.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Curl_dedotdotify(): always nul terminate returned string.	Even Rouault	2018-09-24	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039
*	code style: use spaces around pluses	Daniel Stenberg	2017-09-11	1	-2/+2
\|
*	code style: use spaces around equals signs	Daniel Stenberg	2017-09-11	1	-13/+13
\|
*	dedotdot: fixed output for ".." and "." only input	Daniel Stenberg	2017-06-03	1	-1/+2
\| \| \| \| \| \| \|	Found when updating test 1395, which I did to increase test coverage of this source file... Closes #1535
*	memdebug: Ensure curl/curl.h is included before curl_memory.h	Steve Holme	2016-04-01	1	-1/+3
\| \| \| \|	Follow up to commit 7db9782dd6.
*	URLs: change more http to https	Viktor Szakats	2016-02-04	1	-1/+1
\|
*	URLs: change all http:// URLs to https://	Daniel Stenberg	2016-02-03	1	-1/+1
\|
*	dotdot: allow an empty input string too	Daniel Stenberg	2016-02-02	1	-1/+8
\| \| \| \| \| \| \|	It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input.
*	copyright: Updated following recent edits	Steve Holme	2014-04-28	1	-1/+1
\|
*	Added a few more const where possible	Dan Fandrich	2014-04-29	1	-1/+1
\|
*	dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify()	Fabian Keil	2013-07-23	1	-1/+1
\|
*	dotdot.c: fix global declaration shadowing	Yang Tse	2013-07-11	1	-13/+13
\|
*	dotdot: introducing dot file path cleanup	Daniel Stenberg	2013-06-22	1	-0/+170
	RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik