Changelog
+Daniel Stenberg (9 Feb 2010)
+- When downloading compressed content over HTTP and the app as asked libcurl
+ to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
+ could wrongly provide the callback with more data than what the maximum
+ documented amount. An application could thus get tricked into badness if the
+ maximum limit was trusted to be enforced by libcurl itself (as it is
+ documented).
+
+ This is further detailed and explained in the libcurl security advisory
+ 20100209 at
+
+ http://curl.haxx.se/docs/adv_20100209.html
+
Daniel Fandrich (3 Feb 2010)
- Changed the Watcom makefiles to make them easier to keep in sync with
Makefile.inc since that can't be included directly.
o FTP file size checks with ASCII transfers
o HTTP Cookie: headers sort cookies based on specified path lengths
o CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls
+ o libcurl data callback excessive length:
+ http://curl.haxx.se/docs/adv_20100209.html
This release includes the following known bugs:
Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko,
Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge,
Johan van Selst, Charles Kerr, Gil Weber, David McCreedy, Chris Conroy,
- Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich
+ Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich, Wesley Miaw
Thanks! (and sorry if I forgot to mention someone)
(doing so will reduce code size slightly). */
#define OLD_ZLIB_SUPPORT 1
-#define DSIZ 0x10000 /* buffer size for decompressed data */
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
#define GZIP_MAGIC_0 0x1f
#define GZIP_MAGIC_1 0x8b
projects / curl / commitdiff