| 9275c2be | 06-Jan-2020 |
Daniel Stenberg |
multi.h: move INITIAL_MAX_CONCURRENT_STREAMS from public header
... to the private multihhandle.h. It is not for public use and it
wasn't prefixed correctly anyway!
Closes #4790 |
| 50e35ccf | 06-Jan-2020 |
Daniel Stenberg |
file: fix copyright year range
Follow-up to 1b71bc532bd |
| 4c34af4c | 04-Jan-2020 |
Daniel Stenberg |
curl -w: handle a blank input file correctly
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.
Added test 1271 to
curl -w: handle a blank input file correctly
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.
Added test 1271 to verify.
Reported-by: Brian Carpenter
Closes #4786
show more ...
|
| 1b71bc53 | 07-Nov-2019 |
Daniel Stenberg |
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.
Reported-by: Fernando Muñoz
CVE-2019-15601
B
file: on Windows, refuse paths that start with \\
... as that might cause an unexpected SMB connection to a given host
name.
Reported-by: Fernando Muñoz
CVE-2019-15601
Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
show more ...
|
| aeb32d05 | 06-Jan-2020 |
Jay Satiro |
CURLOPT_READFUNCTION.3: fix fopen params in example |
| e9dd17b7 | 06-Jan-2020 |
Jay Satiro |
CURLOPT_READFUNCTION.3: fix variable name in example
Reported-by: Paul Joyce
Fixes https://github.com/curl/curl/issues/4787 |
| 459d0db4 | 05-Jan-2020 |
Daniel Stenberg |
curl:getparameter return error for --http3 if libcurl doesn't support
Closes #4785 |
| 2150c4b5 | 05-Jan-2020 |
Daniel Stenberg |
docs: mention CURL_MAX_INPUT_LENGTH restrictions
... for curl_easy_setopt() and curl_url_set().
[skip ci]
Closes #4783 |
| 392bff4a | 04-Jan-2020 |
Daniel Stenberg |
curl: properly free mimepost data
... as it could otherwise leak memory when a transfer failed.
Added test 1293 to verify.
Reported-by: Brian Carpenter
Fixes #4781
curl: properly free mimepost data
... as it could otherwise leak memory when a transfer failed.
Added test 1293 to verify.
Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
show more ...
|
| 271ec6b9 | 04-Jan-2020 |
Daniel Stenberg |
curl: cleanup multi handle on failure
... to fix memory leak in error path.
Fixes #4772
Closes #4780
Reported-by: Brian Carpenter |
| 291ed521 | 03-Jan-2020 |
Marcel Raad |
lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`
Closes https://github.com/curl/curl/pull/4775 |
| e24ea706 | 03-Jan-2020 |
Daniel Stenberg |
COPYING: it's 2020!
[skip ci] |
| be83fe11 | 02-Jan-2020 |
Marc Aldorasi |
tests: Fix bounce requests with truncated writes
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cau
tests: Fix bounce requests with truncated writes
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cause
the wrong response data to be sent to some tests and cause them to fail.
Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785
show more ...
|
| a8d13336 | 13-Apr-2019 |
Marcel Raad |
tool: make a few char pointers point to const char instead
These are read-only.
Closes https://github.com/curl/curl/pull/4771 |
| 9603c829 | 29-Dec-2019 |
Jay Satiro |
tests: Change NTLM tests to require SSL
Prior to this change tests that required NTLM feature did not require
SSL feature.
There are pending changes to cmake builds that will al
tests: Change NTLM tests to require SSL
Prior to this change tests that required NTLM feature did not require
SSL feature.
There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:
"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."
Assisted-by: marc-groundctl@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729
Closes https://github.com/curl/curl/pull/4768
show more ...
|
| 9024b013 | 21-Dec-2019 |
Michael Forney |
bearssl: Improve I/O handling
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the hand
bearssl: Improve I/O handling
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the handshake, read, write, and close.
Match OpenSSL SSL_write behavior, and don't return the number of bytes
written until the corresponding records have been completely flushed
across the socket. This involves keeping track of the length of data
buffered into the TLS engine, and assumes that when CURLE_AGAIN is
returned, the write function will be called again with the same data
and length arguments. This is the same requirement of SSL_write.
Handle TLS close notify as EOF when reading by returning 0.
Closes https://github.com/curl/curl/pull/4748
show more ...
|
| 94348647 | 28-Dec-2019 |
Jay Satiro |
travis: Fix error detection
- Stop using inline shell scripts for before_script and script sections.
Prior to this change Travis could ignore errors from commands in inline
scri
travis: Fix error detection
- Stop using inline shell scripts for before_script and script sections.
Prior to this change Travis could ignore errors from commands in inline
scripts. I don't understand how or why it happens. This is a workaround.
Assisted-by: Simon Warta
Ref: https://github.com/travis-ci/travis-ci/issues/1066
Fixes https://github.com/curl/curl/issues/3730
Closes https://github.com/curl/curl/pull/3755
show more ...
|
| 249f7b37 | 29-Dec-2019 |
Jay Satiro |
tool_operate: fix mem leak when failed config parse
Found by fuzzing the config file.
Reported-by: Geeknik Labs
Fixes https://github.com/curl/curl/issues/4767 |
| 060fb84a | 24-Dec-2019 |
Xiang Xiao |
lib: remove erroneous +x file permission on some c files
Modified by commit eb9a604 accidentally.
Closes https://github.com/curl/curl/pull/4756 |
| 4b463992 | 24-Dec-2019 |
Xiang Xiao |
lib: fix warnings found when porting to NuttX
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already
defined as a system macro.
- Don't compile write32_le in curl_
lib: fix warnings found when porting to NuttX
- Undefine DEBUGASSERT in curl_setup_once.h in case it was already
defined as a system macro.
- Don't compile write32_le in curl_endian unless
CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le.
- Include <arpa/inet.h> in socketpair.c.
Closes https://github.com/curl/curl/pull/4756
show more ...
|
| 779b415a | 26-Dec-2019 |
Jay Satiro |
os400: Add missing CURLE error constants
Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
Reported-by: Emil Engler |
| 97934a2f | 26-Dec-2019 |
Jay Satiro |
CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied,
CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
Reported-by: Frank Gevaerts
Commit-message-by: Christopher Head
Ref: https://github.com/curl/curl/pull/2787
Fixes https://github.com/curl/curl/issues/4758
show more ...
|
| 68da0b8b | 24-Dec-2019 |
Jay Satiro |
examples/postinmemory.c: Call curl_global_cleanup always
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.
Reported-by: kouzhudong@users.noreply.
examples/postinmemory.c: Call curl_global_cleanup always
Prior to this change curl_global_cleanup was not called if
curl_easy_init failed.
Reported-by: kouzhudong@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4751
show more ...
|
| 4c2f5d52 | 21-Dec-2019 |
Daniel Stenberg |
url2file.c: fix copyright year
Follow-up to 525787269599b5 |
| 52578726 | 20-Dec-2019 |
Rickard Hallerbäck |
examples/url2file.c: corrected a comment
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
examples/url2file.c: corrected a comment
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.
Closes #4745
show more ...
|
