path: root/lib
Commit message | Author | Age | Files | Lines
* http_proxy: part of conditional expression is always true: !error | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* imap: merged two case-branches performing the same action | Daniel Stenberg | 2019-09-20 | 1 | -4/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* multi: value '2L' is assigned to a boolean | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* easy: part of conditional expression is always true: !result | Daniel Stenberg | 2019-09-20 | 1 | -3/+2
  Fixes warning detected by PVS-Studio Fixes #4374
* netrc: part of conditional expression is always true: !done | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* version: Expression 'left > 1' is always true | Daniel Stenberg | 2019-09-20 | 1 | -7/+5
  Fixes warning detected by PVS-Studio Fixes #4374
* url: remove dead code | Daniel Stenberg | 2019-09-20 | 1 | -7/+0
  Fixes warning detected by PVS-Studio Fixes #4374
* url: part of expression is always true: (bundle->multiuse == 0) | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* ftp: the conditional expression is always true | Daniel Stenberg | 2019-09-20 | 1 | -4/+2
  ... both !result and (ftp->transfer != FTPTRANSFER_BODY)! Fixes warning detected by PVS-Studio Fixes #4374
* ftp: Expression 'ftpc->wait_data_conn' is always false | Daniel Stenberg | 2019-09-20 | 1 | -7/+2
  Fixes warning detected by PVS-Studio Fixes #4374
* ftp: Expression 'ftpc->wait_data_conn' is always true | Daniel Stenberg | 2019-09-20 | 1 | -6/+5
  Fixes warning detected by PVS-Studio Fixes #4374
* ftp: part of conditional expression is always true: !result | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio Fixes #4374
* http: fix Expression 'http->postdata' is always false | Daniel Stenberg | 2019-09-20 | 1 | -2/+1
  Fixes warning detected by PVS-Studio Fixes #4374 Reported-by: Valerii Zapodovnikov
* doh: avoid truncating DNS QTYPE to lower octet | Niall O'Reilly | 2019-09-19 | 1 | -2/+4
  Closes #4381
* urlapi: CURLU_NO_AUTHORITY allows empty authority/host part | Jens Finkhaeuser | 2019-09-19 | 1 | -11/+25
  CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not "file:///") to override cURL's default demand that an authority exists. Closes #4349
* url: only reuse TLS connections with matching pinning | Daniel Stenberg | 2019-09-19 | 3 | -1/+9
  If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the connection should not be reused. Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html Reported-by: Sebastian Haglund Closes #4347
* http: merge two "case" statements | Michael Kaufmann | 2019-09-18 | 1 | -3/+0
* FTP: remove trailing slash from path for LIST/MLSD | Zenju | 2019-09-18 | 1 | -8/+7
  Closes #4348
* mime: when disabled, avoid C99 macro | Daniel Stenberg | 2019-09-18 | 2 | -3/+10
  Closes #4368
* url: cleanup dangling DOH request headers too | Daniel Stenberg | 2019-09-18 | 1 | -0/+1
  Follow-up to 9bc44ff64d9081 Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/17269 Closes #4372
* http2: relax verification of :authority in push promise requests | Christoph M. Becker | 2019-09-16 | 1 | -1/+3
  If the :authority pseudo header field doesn't contain an explicit port, we assume it is valid for the default port, instead of rejecting the request for all ports. Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html Closes #4365
* doh: clean up dangling DOH handles and memory on easy close | Daniel Stenberg | 2019-09-16 | 2 | -5/+12
  If you set the same URL for target as for DoH (and it isn't a DoH server), like "https://example.com" in both, the easy handles used for the DoH requests could be left "dangling" and end up not getting freed. Reported-by: Paul Dreik Closes #4366
* smb: check for full size message before reading message details | Daniel Stenberg | 2019-09-16 | 1 | -1/+2
  To avoid reading of uninitialized data. Assisted-by: Max Dymond Bug: https://crbug.com/oss-fuzz/16907 Closes #4363
* quiche: persist connection details | Daniel Stenberg | 2019-09-16 | 1 | -3/+3
  ... like we do for other protocols at connect time. This makes "curl -I" and other things work. Reported-by: George Liu Fixes #4358 Closes #4360
* openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version | Daniel Stenberg | 2019-09-16 | 1 | -4/+9
  Follow-up to ffe34b7b59 Closes #4359
* doh: fix undefined behaviour and open up for gcc and clang optimization | Paul Dreik | 2019-09-15 | 1 | -2/+8
  The undefined behaviour is annoying when running fuzzing with sanitizers. The codegen is the same, but the meaning is now not up for dispute. See https://cppinsights.io/s/516a2ff4 By incrementing the pointer first, both gcc and clang recognize this as a bswap and optimize it to a single instruction. See https://godbolt.org/z/994Zpx Closes #4350
* doh: fix (harmless) buffer overrun | Paul Dreik | 2019-09-15 | 1 | -2/+15
  Added unit test case 1655 to verify. Close #4352
  the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version.
* FTP: allow "rubbish" prepended to the SIZE response | Daniel Stenberg | 2019-09-13 | 1 | -2/+18
  This is a protocol violation but apparently there are legacy proprietary servers doing this. Added test 336 and 337 to verify. Reported-by: Philippe Marguinaud Closes #4339
* FTP: skip CWD to entry dir when target is absolute | Zenju | 2019-09-13 | 1 | -1/+3
  Closes #4332
* parsedate: still provide the name arrays when disabled | Daniel Stenberg | 2019-09-13 | 1 | -5/+9
  If FILE or FTP are enabled, since they also use them! Reported-by: Roland Hieber Fixes #4325 Closes #4343
* openssl: close_notify on the FTP data connection doesn't mean closure | Daniel Stenberg | 2019-09-13 | 1 | -1/+4
  For FTPS transfers, curl gets close_notify on the data connection without that being a signal to close the control connection! Regression since 3f5da4e59a556fc (7.65.0) Reported-by: Zenju on github Reviewed-by: Jay Satiro Fixes #4329 Closes #4340
* setopt: make it easier to add new enum values | Zenju | 2019-09-12 | 1 | -7/+7
  ... by using the *_LAST define names better. Closes #4321
* asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris | Daniel Stenberg | 2019-09-12 | 1 | -2/+2
  Reported-by: Dagobert Michelsen Fixes #4328 Closes #4333
* ldap: Stop using wide char version of ldapp_err2string | Jay Satiro | 2019-09-11 | 1 | -0/+6
  Despite ldapp_err2string being documented by MS as returning a PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and returns PWCHAR (wchar_t *). We have lots of code that expects ldap_err2string to return char *, most of it failf used like this:
    failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
  Closes https://github.com/curl/curl/pull/4272
* urlapi: one colon is enough for the strspn() input (typo) | Daniel Stenberg | 2019-09-10 | 1 | -1/+1
* urlapi: verify the IPv6 numerical address | Daniel Stenberg | 2019-09-10 | 1 | -4/+13
  It needs to parse correctly. Otherwise it could be tricked into letting through a-f using host names that libcurl would then resolve. Like '[ab.be]'. Reported-by: Thomas Vegas Closes #4315
* openssl: use SSL_CTX_set_<min|max>_proto_version() when available | Clément Notin | 2019-09-10 | 1 | -11/+105
  OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use when available. Existing code is preserved for older versions of OpenSSL. Closes #4304
* openssl: indent, re-organize and add comments | Clément Notin | 2019-09-10 | 1 | -32/+38
* sspi: fix memory leaks | migueljcrum | 2019-09-10 | 4 | -0/+21
  Closes #4299
* Curl_fillreadbuffer: avoid double-free trailer buf on error [bagder/trailer-buf-free] | Daniel Stenberg | 2019-09-09 | 3 | -12/+17
  Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307
* security:read_data fix bad realloc() | Daniel Stenberg | 2019-09-09 | 1 | -4/+2
  ... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
* tftp: Alloc maximum blksize, and use default unless OACK is received | Thomas Vegas | 2019-09-09 | 1 | -3/+9
  Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482
* tftp: return error when packet is too small for options | Thomas Vegas | 2019-09-09 | 1 | -20/+33
* netrc: free 'home' on error | Daniel Stenberg | 2019-09-03 | 1 | -7/+12
  Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291
* urldata: avoid 'generic', use dedicated pointers | Daniel Stenberg | 2019-09-03 | 3 | -22/+25
  For the 'proto' union within the connectdata struct. Closes #4290
* cleanup: move functions out of url.c and make them static | Daniel Stenberg | 2019-09-03 | 5 | -229/+220
  Closes #4289
* smtp: check for and bail out on too short EHLO response | Daniel Stenberg | 2019-09-03 | 1 | -1/+5
  Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287
* smb: init *msg to NULL in smb_send_and_recv() | Daniel Stenberg | 2019-09-02 | 1 | -0/+1
  ... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286
* Curl_addr2string: take an addrlen argument too | Daniel Stenberg | 2019-08-31 | 3 | -14/+22
  This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283
* quiche: expire when poll returned data | Daniel Stenberg | 2019-08-30 | 1 | -0/+3
  ... to make sure we continue draining the queue until empty Closes #4281