Changelog
+Daniel Stenberg (26 Feb 2010)
+- Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a
+ chunked-encoding trailer.
+
+ http://curl.haxx.se/bug/view.cgi?id=2958474
+
Daniel Fandrich (25 Feb 2010)
- Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code.
o SMTP: now waits for 250 after the DATA transfer
o SMTP: use angle brackets in RCPT TO
o curl --trace-time not using local time
+ o off-by-one in the chunked encoding trailer parser
This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Steven M. Schweda, Yang Tse, Jack Zhang, Tom Donovan, Martin Hager
+ Steven M. Schweda, Yang Tse, Jack Zhang, Tom Donovan, Martin Hager,
+ Daniel Fandrich, Patrick Monnerat, Pat Ray
Thanks! (and sorry if I forgot to mention someone)
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
/* conn->trailer is assumed to be freed in url.c on a
connection basis */
if(conn->trlPos >= conn->trlMax) {
+ /* in this logic we always allocate one byte more than trlMax
+ contains, just because CHUNK_TRAILER_POSTCR will append two bytes
+ so we need to make sure we have room for an extra byte */
char *ptr;
if(conn->trlMax) {
conn->trlMax *= 2;
- ptr = realloc(conn->trailer,conn->trlMax);
+ ptr = realloc(conn->trailer, conn->trlMax + 1);
}
else {
conn->trlMax=128;
- ptr = malloc(conn->trlMax);
+ ptr = malloc(conn->trlMax + 1);
}
if(!ptr)
return CHUNKE_OUT_OF_MEMORY;
projects / curl / commitdiff