|
Revision tags: curl-7_61_0 |
|
| #
c45360d4 |
| 02-Jun-2018 |
Marian Klymov |
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)
- Fix issues in tests
- Reduce scope of several variables all over
cppcheck: fix warnings
- Get rid of variable that was generating false positive warning
(unitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
show more ...
|
| #
8ea5d41f |
| 28-May-2018 |
Rikard Falkeborn |
strictness: correct {infof, failf} format specifiers
Closes #2623
|
| #
8541d02c |
| 28-May-2018 |
Patrick Monnerat |
psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL co
psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.
Reported-by: Yaakov Selkowitz
Fixes #2553
Closes #2601
show more ...
|
|
Revision tags: curl-7_60_0 |
|
| #
1b55d270 |
| 12-May-2018 |
Patrick Monnerat |
cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper
cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.
New test 1155 checks that cookie names are not reserved words.
Reported-By: anshnd at github
Fixes #2564
Closes #2566
show more ...
|
| #
732d0938 |
| 24-Apr-2018 |
Daniel Gustafsson |
cookies: ensure that we have cookies before writing jar
The jar should be written iff there are cookies, so ensure that we still
have cookies after expiration to avoid creating an empty
cookies: ensure that we have cookies before writing jar
The jar should be written iff there are cookies, so ensure that we still
have cookies after expiration to avoid creating an empty file.
Closes #2529
show more ...
|
| #
dd03e8c2 |
| 06-Apr-2018 |
Daniel Stenberg |
hash: calculate sizes with size_t instead of longs
... since they return size_t anyway!
closes #2462
|
| #
746479ad |
| 05-Apr-2018 |
Lauri Kasanen |
cookie: case-insensitive hashing for the domains
closes #2458
|
| #
82dfdac5 |
| 04-Apr-2018 |
Patrick Monnerat |
cookie: fix and optimize 2nd top level domain name extraction
This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
is processed.
test46 updated to cov
cookie: fix and optimize 2nd top level domain name extraction
This fixes a segfault occurring when a name of the (invalid) form "domain..tld"
is processed.
test46 updated to cover this case.
Follow-up to commit c990ead.
Ref: https://github.com/curl/curl/pull/2440
show more ...
|
| #
c990eadd |
| 30-Mar-2018 |
Lauri Kasanen |
cookie: store cookies per top-level-domain-specific hash table
This makes libcurl handle thousands of cookies much better and speedier.
Closes #2440
|
| #
4073cd83 |
| 30-Mar-2018 |
Lauri Kasanen |
cookies: when reading from a file, only remove_expired once
This drops the cookie load time for 8k cookies from 178ms to 15ms.
Closes #2441
|
|
Revision tags: curl-7_59_0 |
|
| #
4c46dfc3 |
| 25-Jan-2018 |
Daniel Stenberg |
cookies: remove verbose "cookie size:" output
It was once used for some debugging/verifying logic but should never have
ended up in git!
|
|
Revision tags: curl-7_58_0, curl-7_57_0 |
|
| #
fa394c8c |
| 30-Oct-2017 |
Daniel Stenberg |
cookie: avoid NULL dereference
... when expiring old cookies.
Reported-by: Pavel Gushchin
Fixes #2032
Closes #2035
|
|
Revision tags: curl-7_56_1, curl-7_56_0 |
|
| #
8392a0cf |
| 30-Sep-2017 |
Daniel Stenberg |
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.
Added test 1161 to verify.
Reported-by: Max Dymond
Fi
cookie: fix memory leak if path was set twice in header
... this will let the second occurance override the first.
Added test 1161 to verify.
Reported-by: Max Dymond
Fixes #1932
Closes #1933
show more ...
|
| #
20ea22ff |
| 29-Sep-2017 |
Daniel Stenberg |
cookie: fix memory leak on oversized rejection
Regression brought by 2bc230de63b
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
Assisted-by: Ma
cookie: fix memory leak on oversized rejection
Regression brought by 2bc230de63b
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
Assisted-by: Max Dymond
Closes #1930
show more ...
|
| #
5fe85587 |
| 18-Sep-2017 |
Pavel P |
cookies: use lock when using CURLINFO_COOKIELIST
Closes #1896
|
| #
2bc230de |
| 17-Sep-2017 |
Daniel Stenberg |
cookies: reject oversized cookies
... instead of truncating them.
There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4
cookies: reject oversized cookies
... instead of truncating them.
There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.
We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.
Added test 1151 to verify
Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith
Closes #1894
show more ...
|
| #
e5743f08 |
| 09-Sep-2017 |
Daniel Stenberg |
code style: use spaces around pluses
|
| #
6b84438d |
| 09-Sep-2017 |
Daniel Stenberg |
code style: use spaces around equals signs
|
| #
ff50fe03 |
| 14-Aug-2017 |
Daniel Stenberg |
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.
Reported-by: Brian Carpenter
Closes #1758
|
|
Revision tags: curl-7_55_1, curl-7_55_0, curl-7_54_1, curl-7_54_0 |
|
| #
66de5634 |
| 10-Mar-2017 |
Sylvestre Ledru |
Improve code readbility
... by removing the else branch after a return, break or continue.
Closes #1310
|
|
Revision tags: curl-7_53_1 |
|
| #
588960be |
| 21-Feb-2017 |
Daniel Stenberg |
cookie: fix declaration of 'dup' shadows a global declaration
|
|
Revision tags: curl-7_53_0 |
|
| #
cbd4e1fa |
| 27-Jan-2017 |
Daniel Stenberg |
cookies: do not assume a valid domain has a dot
This repairs cookies for localhost.
Non-PSL builds will now only accept "localhost" without dots, while PSL
builds okeys everythi
cookies: do not assume a valid domain has a dot
This repairs cookies for localhost.
Non-PSL builds will now only accept "localhost" without dots, while PSL
builds okeys everything not listed as PSL.
Added test 1258 to verify.
This was a regression brought in a76825a5efa6b4
show more ...
|
|
Revision tags: curl-7_52_1, curl-7_52_0 |
|
| #
1c3e8bbf |
| 14-Dec-2016 |
Daniel Stenberg |
checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
|
| #
dbadaebf |
| 23-Nov-2016 |
Daniel Stenberg |
checksrc: code style: use 'char *name' style
|
|
Revision tags: curl-7_51_0 |
|
| #
cff89bc0 |
| 27-Sep-2016 |
Daniel Stenberg |
cookie: replace use of fgets() with custom version
... that will ignore lines that are too long to fit in the buffer.
CVE-2016-8615
Bug: https://curl.haxx.se/docs/adv_20161
cookie: replace use of fgets() with custom version
... that will ignore lines that are too long to fit in the buffer.
CVE-2016-8615
Bug: https://curl.haxx.se/docs/adv_20161102A.html
Reported-by: Cure53
show more ...
|
