#
920f73a6 |
| 14-Mar-2018 |
dasimx |
FTP: fix typo in recursive callback detection for seeking Fixes #2380
|
Revision tags: curl-7_59_0 |
|
#
535432c0 |
| 31-Jan-2018 |
Daniel Stenberg |
FTP: reject path components with control codes Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
|
#
7e35eb77 |
| 23-Feb-2018 |
Viktor Szakats |
spelling fixes Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
|
#
b46cfbc0 |
| 10-Feb-2018 |
Björn Stenberg |
TODO fixed: Detect when called from within callbacks Closes #2302
|
#
ddd31dc5 |
| 31-Jan-2018 |
Daniel Stenberg |
time_t-fixes: remove typecasts to 'long' for info.filetime They're now wrong. Reported-by: Michael Kaufmann Closes #2277
|
#
e04417d9 |
| 29-Jan-2018 |
Max Dymond |
Curl_range: commonize FTP and FILE range handling Closes #2205
|
Revision tags: curl-7_58_0, curl-7_57_0 |
|
#
0d85eed3 |
| 26-Oct-2017 |
Daniel Stenberg |
Curl_timeleft: change return type to timediff_t returning 'time_t' is problematic when that type is unsigned and we return values less than zero to signal "already expired", used in several places in the code. Closes #2021
|
#
7b11c5db |
| 25-Oct-2017 |
Max Dymond |
wildcards: don't use with non-supported protocols Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
|
#
5d543fe9 |
| 25-Oct-2017 |
Daniel Stenberg |
time: rename Curl_tvnow to Curl_now ... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
|
#
b9d25f9a |
| 23-Oct-2017 |
Daniel Stenberg |
timediff: return timediff_t from the time diff functions ... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
|
Revision tags: curl-7_56_1 |
|
#
769647e7 |
| 19-Oct-2017 |
Daniel Stenberg |
ftp: reject illegal IP/port in PASV 227 response ... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
|
#
ecf21c55 |
| 10-Oct-2017 |
Daniel Stenberg |
FTP: URL decode path for dir listing in nocwd mode Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
|
#
a69a4d22 |
| 03-Oct-2017 |
Daniel Stenberg |
ftp: UBsan fixup 'pointer index expression overflowed' Closes #1939
|
Revision tags: curl-7_56_0 |
|
#
5ff2c5ff |
| 24-Sep-2017 |
Daniel Stenberg |
FTP: zero terminate the entry path even on bad input ... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
|
#
87501e57 |
| 12-Sep-2017 |
Daniel Stenberg |
code style: remove wrong uses of multiple spaces Closes #1878
|
#
e5743f08 |
| 09-Sep-2017 |
Daniel Stenberg |
code style: use spaces around pluses
|
#
6b84438d |
| 09-Sep-2017 |
Daniel Stenberg |
code style: use spaces around equals signs
|
#
c95eff4a |
| 15-Aug-2017 |
Daniel Stenberg |
ftp: fix CWD when doing multicwd then nocwd on same connection Fixes #1782 Closes #1787 Reported-by: Peter Lamare
|
#
ff50fe03 |
| 14-Aug-2017 |
Daniel Stenberg |
strtoofft: reduce integer overflow risks globally ... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
|
Revision tags: curl-7_55_1, curl-7_55_0 |
|
#
2ccd65af |
| 03-Aug-2017 |
Daniel Stenberg |
FTP: skip unnecessary CWD when in nocwd mode ... when reusing a connection. If it didn't do any CWD previously. Fixes #1718
|
#
4dee50b9 |
| 28-Jul-2017 |
Daniel Stenberg |
timeval: struct curltime is a struct timeval replacement ... to make all libcurl internals able to use the same data types for the struct members. The timeval struct differs subtly on several platforms so it makes it cumbersome to use everywhere. Ref: #1652 Closes #1693
|
Revision tags: curl-7_54_1 |
|
#
c75f63d7 |
| 31-May-2017 |
Max Dymond |
handler: refactor connection checking Add a new type of callback to Curl_handler which performs checks on the connection. Alter RTSP so that it uses this callback to do its own check on connection health.
|
#
efc83d6d |
| 15-Jun-2017 |
Daniel Stenberg |
http-proxy: only attempt FTP over HTTP proxy ... all other non-HTTP protocol schemes are now defaulting to "tunnel through" mode if a HTTP proxy is specified. In reality there are no HTTP proxies out there that allow those other schemes. Assisted-by: Ray Satiro, Michael Kaufmann Closes #1505
|
#
5113ad04 |
| 07-Jun-2017 |
Daniel Stenberg |
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
|
#
e9fd794a |
| 09-May-2017 |
Daniel Stenberg |
multi: assign IDs to all timers and make each timer singleton A) reduces the timeout lists drastically B) prevents a lot of superfluous loops for timers that expire "in vain" when it has actually already been extended to fire later on
|