]> granicus.if.org Git - curl/log
curl
10 years agoRELEASE-NOTES: Synced with 0ab2c444b5
Steve Holme [Fri, 9 May 2014 20:24:47 +0000 (21:24 +0100)]
RELEASE-NOTES: Synced with 0ab2c444b5

10 years agoMakefile.b32: Fixed for vtls changes
Steve Holme [Fri, 9 May 2014 20:09:51 +0000 (21:09 +0100)]
Makefile.b32: Fixed for vtls changes

Follow up fix to commits a47c142a8811e8066ef9 and 92b9ae5c5d.

Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html
Reported and assisted by: Jon Torrey

10 years agolib1506: make sure the transfers are not within the same ms
Daniel Stenberg [Fri, 9 May 2014 14:48:46 +0000 (16:48 +0200)]
lib1506: make sure the transfers are not within the same ms

Just to make sure the test is properly repeatable.

Bug: http://curl.haxx.se/mail/lib-2014-05/0081.html
Reported-by: Henrik
10 years agolibtests: add a wait_ms() function
Daniel Stenberg [Fri, 9 May 2014 14:48:11 +0000 (16:48 +0200)]
libtests: add a wait_ms() function

This allows a libcurl test to portably sleep for a given number of
milliseconds.

10 years agotool_operate.c: Fixed TAB is white space from commit 5b8ae0a985
Steve Holme [Fri, 9 May 2014 12:29:23 +0000 (13:29 +0100)]
tool_operate.c: Fixed TAB is white space from commit 5b8ae0a985

10 years agotool_urlglob.c: Fixed compilation warning
Steve Holme [Fri, 9 May 2014 12:15:59 +0000 (13:15 +0100)]
tool_urlglob.c: Fixed compilation warning

An enumerated type is mixed with another type.

10 years agotool_operate.c: Fixed compilation warnings
Steve Holme [Fri, 9 May 2014 12:13:31 +0000 (13:13 +0100)]
tool_operate.c: Fixed compilation warnings

An enumerated type is mixed with another type.

10 years agogetinfo.c: Fixed compilation warning
Steve Holme [Fri, 9 May 2014 11:59:06 +0000 (12:59 +0100)]
getinfo.c: Fixed compilation warning

The indicated statement is not reachable.

10 years agoCONTRIBUTE: mention our Bug/Reported-by commit style
Daniel Stenberg [Fri, 9 May 2014 11:49:00 +0000 (13:49 +0200)]
CONTRIBUTE: mention our Bug/Reported-by commit style

10 years agohttp: avoid auth failure on a duplicated header
Kamil Dudka [Mon, 5 May 2014 12:49:30 +0000 (14:49 +0200)]
http: avoid auth failure on a duplicated header

... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348

10 years agocacertinmem: fix memory leak
Daniel Stenberg [Fri, 9 May 2014 11:33:21 +0000 (13:33 +0200)]
cacertinmem: fix memory leak

While "just" an example it still isn't nice to leak memory.

Bug: http://curl.haxx.se/bug/view.cgi?id=1368
Fixed-by: Marko
10 years agoTODO: firefox will soon support SSL (HTTPS) to proxy
Daniel Stenberg [Fri, 9 May 2014 09:36:11 +0000 (11:36 +0200)]
TODO: firefox will soon support SSL (HTTPS) to proxy

10 years agotest87: Get rid of extraneous square brackets in tag
Dan Fandrich [Fri, 9 May 2014 09:04:30 +0000 (11:04 +0200)]
test87: Get rid of extraneous square brackets in tag

10 years agomk-ca-bundle: added -p
Patrick Watson [Thu, 8 May 2014 09:37:45 +0000 (11:37 +0200)]
mk-ca-bundle: added -p

-p takes a list of Mozilla trust purposes and levels for certificates to
include in output.  Takes the form of a comma separated list of
purposes, a colon, and a comma separated list of levels.

10 years agoFAQ: Added 5.18 Does libcurl use threads?
Daniel Stenberg [Thu, 8 May 2014 07:30:35 +0000 (09:30 +0200)]
FAQ: Added 5.18 Does libcurl use threads?

10 years agoRELEASE-NOTES: Added contributor
Dan Fandrich [Wed, 7 May 2014 20:44:54 +0000 (22:44 +0200)]
RELEASE-NOTES: Added contributor

10 years agoconfigure: Don't set LD_LIBRARY_PATH when cross-compiling
Aaro Koskinen [Wed, 7 May 2014 18:29:47 +0000 (21:29 +0300)]
configure: Don't set LD_LIBRARY_PATH when cross-compiling

Most of LD_LIBRARY_PATH adjustments are already guarded, but not all.

The patch fixes cross-compilation failure when libidn is present.

10 years agohttp2: Compile with latest nghttp2
Tatsuhiro Tsujikawa [Wed, 7 May 2014 15:20:05 +0000 (00:20 +0900)]
http2: Compile with latest nghttp2

Now nghttp2_submit_request returns assigned stream ID, we don't have
to check stream ID using before_stream_send_callback.  The
adjust_priority_callback was removed.

10 years agocurl.1: Added missing --login-options option
Steve Holme [Wed, 7 May 2014 18:45:16 +0000 (19:45 +0100)]
curl.1: Added missing --login-options option

...and removed ;OPTIONS from --user as that functionality was removed
in 7.34.0.

10 years agotool_help: Fixed missing --login-options option
Steve Holme [Wed, 7 May 2014 16:25:40 +0000 (17:25 +0100)]
tool_help: Fixed missing --login-options option

...and removed ;OPTIONS from --user as that functionality was removed
in 7.34.0.

10 years agourl.c: Fixed compilation warning/error
Steve Holme [Wed, 7 May 2014 09:55:01 +0000 (10:55 +0100)]
url.c: Fixed compilation warning/error

Depending on compiler line 3505 could generate the following warning or
error:

* warning: ISO C90 forbids mixed declarations and code
* A declaration cannot appear after an executable statement in a block
* error C2275: 'size_t' : illegal use of this type as an expression

10 years agoTODO: Fixed some spelling mistakes
Steve Holme [Tue, 6 May 2014 21:23:50 +0000 (22:23 +0100)]
TODO: Fixed some spelling mistakes

10 years agoTODO: Add support for concurrent connections in ftpserver.pl
Steve Holme [Tue, 6 May 2014 21:16:03 +0000 (22:16 +0100)]
TODO: Add support for concurrent connections in ftpserver.pl

10 years agobuild: Fixed file format version number in VC12 solution files
Steve Holme [Tue, 6 May 2014 21:01:42 +0000 (22:01 +0100)]
build: Fixed file format version number in VC12 solution files

Unlike previous versions of Visual Studio the VC12 solution file format
does not increment the format version number, but instead, only changes
the version comment text.

This incorrectly set version number would cause problems for any third
party piece of software that would read the solution file expecting the
version number to be 12.00 and found it to be 13.00, such as some build
accelerators.

Verified against a freshly created solution file which was generated
with VC12.

10 years agobuild-openssl.bat: Corrected use of angled brackets in help output
Ivo Bellin Salarin [Tue, 6 May 2014 07:30:44 +0000 (09:30 +0200)]
build-openssl.bat: Corrected use of angled brackets in help output

Angled brackets were used in the help output to indicate that the
compiler and platform arguments are mandatory. Unfortunately this
caused a "< was unexpected at this time" error as the characters are
interpreted as re-direction characters when not escaped.

10 years agoRELEASE-NOTES: changed encoding to UTF-8
Dan Fandrich [Tue, 6 May 2014 12:08:13 +0000 (14:08 +0200)]
RELEASE-NOTES: changed encoding to UTF-8

10 years agoRELEASE-NOTES: synced with 5de8d84098db1bd2
Daniel Stenberg [Tue, 6 May 2014 08:39:31 +0000 (10:39 +0200)]
RELEASE-NOTES: synced with 5de8d84098db1bd2

10 years agofix_hostname: strip off a single trailing dot from host name
Daniel Stenberg [Mon, 5 May 2014 11:47:52 +0000 (13:47 +0200)]
fix_hostname: strip off a single trailing dot from host name

Primarily for SNI, we need the host name without a trailing dot.
"https://www.example.com." resolves fine but fails on SNI unless the dot
is removed.

Reported-by: Leon Winter
Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html

10 years agocurl: bail on cookie use when built with disabled cookies
Daniel Stenberg [Mon, 5 May 2014 12:16:43 +0000 (14:16 +0200)]
curl: bail on cookie use when built with disabled cookies

10 years agoEnable poll on darwin13
Daniel Johnson [Tue, 6 May 2014 03:08:26 +0000 (05:08 +0200)]
Enable poll on darwin13

Poll has long been broken on Mac OS X. Starting with 10.9 (darwin13) it
now works correctly so this patch enables it there.

10 years agocurl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS
Daniel Stenberg [Mon, 5 May 2014 14:00:43 +0000 (16:00 +0200)]
curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS

10 years agotests: Use standard libtest return codes when relevant
Dan Fandrich [Mon, 5 May 2014 13:30:05 +0000 (15:30 +0200)]
tests: Use standard libtest return codes when relevant

10 years agotest1513: Don't return an uninitialized variable on init failure
Dan Fandrich [Mon, 5 May 2014 13:29:23 +0000 (15:29 +0200)]
test1513: Don't return an uninitialized variable on init failure

10 years agocurl_multi_cleanup: ignore SIGPIPE better
Jeff King [Mon, 5 May 2014 10:47:46 +0000 (12:47 +0200)]
curl_multi_cleanup: ignore SIGPIPE better

When looping and closing each individual connection left open, the
SIGPIPE ignoring was not done and could thus lead to death by signal 13.

Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242

10 years agoTODO: the FTP HOST command is now in RFC 7151
Daniel Stenberg [Mon, 5 May 2014 07:57:39 +0000 (09:57 +0200)]
TODO: the FTP HOST command is now in RFC 7151

10 years agoTODO: Update date and version in man pages
Daniel Stenberg [Mon, 5 May 2014 07:54:00 +0000 (09:54 +0200)]
TODO: Update date and version in man pages

Mentioned in bug #1342

10 years agoschannel: don't use the connect-timeout during send
Daniel Stenberg [Sun, 4 May 2014 22:07:54 +0000 (00:07 +0200)]
schannel: don't use the connect-timeout during send

As there's a default connection timeout and this wrongly used the
connection timeout during a transfer after the connection is completed,
this function would trigger timeouts during transfers erroneously.

Bug: http://curl.haxx.se/bug/view.cgi?id=1352
Figured-out-by: Radu Simionescu
10 years agomprintf: allow %.s with data not being zero terminated
Daniel Stenberg [Sun, 4 May 2014 21:37:24 +0000 (23:37 +0200)]
mprintf: allow %.s with data not being zero terminated

If the precision is indeed shorter than the string, don't strlen() to
find the end because that's not how the precision operator works.

I also added a unit test for curl_msnprintf to make sure this works and
that the fix doesn't a few other basic use cases. I found a POSIX
compliance problem that I marked TODO in the unit test, and I figure we
need to add more tests in the future.

Reported-by: Török Edwin
10 years agoRELEASE-NOTES: Synced with 4febbedc5a
Steve Holme [Sun, 4 May 2014 19:33:26 +0000 (20:33 +0100)]
RELEASE-NOTES: Synced with 4febbedc5a

10 years agocurl_ntlm_core: Fixed use of long long for VC6 and VC7
Steve Holme [Sun, 4 May 2014 17:59:55 +0000 (18:59 +0100)]
curl_ntlm_core: Fixed use of long long for VC6 and VC7

Commit 07b66cbfa4 unfortunately broke native NTLM message support in
compilers, such as VC6, VC7 and others, that don't support long long
type declarations. This commit fixes VC6 and VC7 as they support the
__int64 extension, however, we should consider an additional fix for
other compilers that don't support this.

10 years agoconfig-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
Steve Holme [Sun, 4 May 2014 17:54:10 +0000 (18:54 +0100)]
config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up

Fixed the HAVE_LONGLONG declaration as long long is supported in Visual
Studio .NET 2003 (VC7.1) onwards.

10 years agoopenssl: biomem->data is not zero terminated
Daniel Stenberg [Sat, 3 May 2014 22:50:10 +0000 (00:50 +0200)]
openssl: biomem->data is not zero terminated

So printf(%s) on it or reading before bounds checking is wrong, fixing
it. Could previously lead to reading out of boundary.

Reported-by: Török Edwin
10 years agoBUILD.WINDOWS: update URL for windows prereqs
Daniel Stenberg [Sat, 3 May 2014 22:48:06 +0000 (00:48 +0200)]
BUILD.WINDOWS: update URL for windows prereqs

10 years agoeasy_perform: spelling mistake in error message
Daniel Stenberg [Sat, 3 May 2014 21:09:26 +0000 (23:09 +0200)]
easy_perform: spelling mistake in error message

10 years agoMakefile.am: Added build-openssl.bat as README file references it
Steve Holme [Thu, 1 May 2014 22:26:34 +0000 (23:26 +0100)]
Makefile.am: Added build-openssl.bat as README file references it

Missed in commit dce748d3f1.

10 years agobuild: Fixed Visual Studio project file generator missing some files
Steve Holme [Thu, 1 May 2014 22:14:59 +0000 (23:14 +0100)]
build: Fixed Visual Studio project file generator missing some files

As of commit 6cdd88f22c the Visual Studio project file generator would
skip the first and last file from each group of files.

10 years agobuild: Added OpenSSL VC build helper for side-by-side compilations
Steve Holme [Thu, 1 May 2014 22:02:34 +0000 (23:02 +0100)]
build: Added OpenSSL VC build helper for side-by-side compilations

10 years agobuild: Added Visual Studio 2003 .NET (VC7.1) project files
Steve Holme [Thu, 1 May 2014 19:29:34 +0000 (20:29 +0100)]
build: Added Visual Studio 2003 .NET (VC7.1) project files

Carrying on from commit 11025613b9 added VC7.1 project files which are
capable of supporting side-by-side compilation, as well as support for
some of the third-party libraries curl uses.

10 years agotest585: Fixed NULL pointer dereference in fopen
Dan Fandrich [Thu, 1 May 2014 09:00:30 +0000 (11:00 +0200)]
test585: Fixed NULL pointer dereference in fopen

10 years agobuild: Fixed generation when source file names contain spaces
Steve Holme [Wed, 30 Apr 2014 22:24:42 +0000 (23:24 +0100)]
build: Fixed generation when source file names contain spaces

This shouldn't happen with the source files in the repository, but
fixed the output when there are spurious files lying around that
contain spaces. For example "pop3 - Copy.c"

By including the offending source file in the project files the user
can then see the file and remove it if necessary.

10 years agobuild: Added VC7 and VC7.1 support to the project file generator
Steve Holme [Sun, 27 Apr 2014 17:21:47 +0000 (18:21 +0100)]
build: Added VC7 and VC7.1 support to the project file generator

Note: VC7.1 templates are currently not available.

10 years agobuild: Added VC6 and VC12 support to the project file generator
Steve Holme [Sun, 27 Apr 2014 12:57:30 +0000 (13:57 +0100)]
build: Added VC6 and VC12 support to the project file generator

10 years agobuild: Added VC11 support to the project file generator
Steve Holme [Fri, 18 Apr 2014 09:45:53 +0000 (10:45 +0100)]
build: Added VC11 support to the project file generator

10 years agobuild: Added VC9 and VC10 support to the project file generator
Steve Holme [Wed, 16 Apr 2014 20:13:35 +0000 (21:13 +0100)]
build: Added VC9 and VC10 support to the project file generator

10 years agobuild: Added Visual Studio project file generator
Steve Holme [Sat, 5 Apr 2014 17:24:12 +0000 (18:24 +0100)]
build: Added Visual Studio project file generator

Added a batch file for generating the Visual Studio project files from
the new template files.

10 years agocopyright: Updated following recent edits
Steve Holme [Mon, 28 Apr 2014 22:15:47 +0000 (23:15 +0100)]
copyright: Updated following recent edits

10 years agoruntests.pl: Improved the check for a crash during torture tests
Dan Fandrich [Mon, 28 Apr 2014 22:06:32 +0000 (00:06 +0200)]
runtests.pl: Improved the check for a crash during torture tests

10 years agoAdded a few more const where possible
Dan Fandrich [Mon, 28 Apr 2014 22:05:19 +0000 (00:05 +0200)]
Added a few more const where possible

10 years agounit1395: Fixed null pointer dereference on torture test
Dan Fandrich [Mon, 28 Apr 2014 15:11:37 +0000 (17:11 +0200)]
unit1395: Fixed null pointer dereference on torture test

10 years agohttp2: Compile with latest nghttp2
Tatsuhiro Tsujikawa [Sun, 27 Apr 2014 07:28:31 +0000 (16:28 +0900)]
http2: Compile with latest nghttp2

commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required

10 years agobuild: Added other VC6 output files to the .gitignore list
Steve Holme [Sun, 27 Apr 2014 17:08:05 +0000 (18:08 +0100)]
build: Added other VC6 output files to the .gitignore list

10 years agobuild: Corrected libcurl PDB file name for x64 builds in VC8 through VC12
Steve Holme [Sun, 27 Apr 2014 16:49:24 +0000 (17:49 +0100)]
build: Corrected libcurl PDB file name for x64 builds in VC8 through VC12

10 years agobuild: Added Visual Studio .NET (VC7) project files
Steve Holme [Sun, 27 Apr 2014 16:28:59 +0000 (17:28 +0100)]
build: Added Visual Studio .NET (VC7) project files

Carrying on from commit 11025613b9 added VC7 project files which are
capable of supporting side-by-side compilation, as well as support for
some of the third-party libraries curl uses.

10 years agobuild: Added Visual Studio 6.0 (VC6) project files
Steve Holme [Sun, 27 Apr 2014 12:28:18 +0000 (13:28 +0100)]
build: Added Visual Studio 6.0 (VC6) project files

Carrying on from commit 11025613b9 added a more thorough version of
the VC6 project files which are capable of supporting side-by-side
compilation, as well as support for some of the third-party libraries
curl uses.

10 years agoINFILESIZE: fields in UserDefined must not be changed run-time
Daniel Stenberg [Tue, 15 Apr 2014 11:49:18 +0000 (13:49 +0200)]
INFILESIZE: fields in UserDefined must not be changed run-time

set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!

10 years agonss: propagate blocking direction from NSPR I/O
Kamil Dudka [Wed, 23 Apr 2014 13:37:26 +0000 (15:37 +0200)]
nss: propagate blocking direction from NSPR I/O

... during the non-blocking SSL handshake

10 years agotest325: verify --proto-redir https=>http
Daniel Stenberg [Wed, 23 Apr 2014 20:34:46 +0000 (22:34 +0200)]
test325: verify --proto-redir https=>http

10 years agohandler: make 'protocol' always specified as a single bit
Daniel Stenberg [Sun, 20 Apr 2014 17:37:54 +0000 (19:37 +0200)]
handler: make 'protocol' always specified as a single bit

This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
10 years agobuild: Added Visual Studio 2013 (VC12) project files
Steve Holme [Wed, 23 Apr 2014 19:43:56 +0000 (20:43 +0100)]
build: Added Visual Studio 2013 (VC12) project files

Carrying on from commit 11025613b9 added VC12 project files which are
capable of supporting side-by-side compilation, 32-bit and 64-bit
builds as well as support for some of the third-party libraries curl
uses.

10 years agocyassl: Use error-ssl.h when available
Dan Fandrich [Wed, 23 Apr 2014 09:01:30 +0000 (11:01 +0200)]
cyassl: Use error-ssl.h when available

Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use
whichever one is available.

10 years agoRELEASE-NOTES: Synced with 386ed2d590
Steve Holme [Tue, 22 Apr 2014 22:01:09 +0000 (23:01 +0100)]
RELEASE-NOTES: Synced with 386ed2d590

10 years agogtls: fix NULL pointer dereference
Daniel Stenberg [Tue, 22 Apr 2014 21:24:31 +0000 (23:24 +0200)]
gtls: fix NULL pointer dereference

gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
10 years agocurl_global_init_mem: bump initialized even if already initialized
Daniel Stenberg [Tue, 22 Apr 2014 20:56:59 +0000 (22:56 +0200)]
curl_global_init_mem: bump initialized even if already initialized

As this makes curl_global_init_mem() behave the same way as
curl_global_init() already does in that aspect - the same number of
curl_global_cleanup() calls is then required to again decrease the
counter and then eventually do the cleanup.

Bug: http://curl.haxx.se/bug/view.cgi?id=1362
Reported-by: Tristan
10 years agonss: implement non-blocking SSL handshake
Kamil Dudka [Thu, 17 Apr 2014 11:27:39 +0000 (13:27 +0200)]
nss: implement non-blocking SSL handshake

10 years agonss: split Curl_nss_connect() into 4 functions
Kamil Dudka [Thu, 17 Apr 2014 11:12:59 +0000 (13:12 +0200)]
nss: split Curl_nss_connect() into 4 functions

10 years agotests: Fixed torture test for tests 1526 & 1527
Dan Fandrich [Tue, 22 Apr 2014 20:43:57 +0000 (22:43 +0200)]
tests: Fixed torture test for tests 1526 & 1527

10 years agosockfilt.c: clean up threaded approach and add documentation
Marc Hoersken [Tue, 22 Apr 2014 15:21:40 +0000 (17:21 +0200)]
sockfilt.c: clean up threaded approach and add documentation

10 years agosockfilt.c: zero initialize variable
Marc Hoersken [Tue, 22 Apr 2014 12:53:16 +0000 (14:53 +0200)]
sockfilt.c: zero initialize variable

10 years agosockfilt.c: fixed getting stuck waiting for MinGW stdin pipe
Marc Hoersken [Tue, 22 Apr 2014 12:52:33 +0000 (14:52 +0200)]
sockfilt.c: fixed getting stuck waiting for MinGW stdin pipe

10 years agoconfigure: use the nghttp2 path correctly with pkg-config
Daniel Stenberg [Mon, 21 Apr 2014 22:24:44 +0000 (00:24 +0200)]
configure: use the nghttp2 path correctly with pkg-config

When --with-nghttp2 was used (without a given path), the
PKG_CONFIG_LIBDIR varialbe could get clobbered and ruin a proper
detection of the library.

Reported-by: Dilyan Palauzov
Bug: http://curl.haxx.se/mail/lib-2014-04/0159.html

10 years agoconfigure: fix wrong comment
Dilyan Palauzov [Mon, 21 Apr 2014 18:12:20 +0000 (20:12 +0200)]
configure: fix wrong comment

copy and paste error

10 years agobuild: Fixed output name for Release builds in VC10 and VC11
Steve Holme [Mon, 21 Apr 2014 16:40:50 +0000 (17:40 +0100)]
build: Fixed output name for Release builds in VC10 and VC11

10 years agosockfilt.c: properly handle disk files, pipes and character input
Marc Hoersken [Sun, 20 Apr 2014 20:15:36 +0000 (22:15 +0200)]
sockfilt.c: properly handle disk files, pipes and character input

10 years agosockfilt.c: ignore non-key-events and continue waiting for input
Marc Hoersken [Sun, 20 Apr 2014 16:26:24 +0000 (18:26 +0200)]
sockfilt.c: ignore non-key-events and continue waiting for input

10 years agosockfilt.c: free memory in case of memory allocation errors
Marc Hoersken [Sun, 20 Apr 2014 16:22:28 +0000 (18:22 +0200)]
sockfilt.c: free memory in case of memory allocation errors

10 years agomulti.c: fix possible invalid memory access in case nfds overflows
Marc Hoersken [Sat, 19 Apr 2014 14:02:14 +0000 (16:02 +0200)]
multi.c: fix possible invalid memory access in case nfds overflows

ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.

10 years agonetrc.c: fix multiple possible dereferences of null pointers
Marc Hoersken [Sat, 19 Apr 2014 14:00:43 +0000 (16:00 +0200)]
netrc.c: fix multiple possible dereferences of null pointers

10 years agoparsedate.c: check sscanf result before passing it to strlen
Marc Hoersken [Sat, 19 Apr 2014 13:47:07 +0000 (15:47 +0200)]
parsedate.c: check sscanf result before passing it to strlen

10 years agotelnet.c: check sscanf results before passing them to snprintf
Marc Hoersken [Sat, 19 Apr 2014 13:23:04 +0000 (15:23 +0200)]
telnet.c: check sscanf results before passing them to snprintf

10 years agotelnet.c: fix possible use of uninitialized variable
Marc Hoersken [Sat, 19 Apr 2014 13:18:19 +0000 (15:18 +0200)]
telnet.c: fix possible use of uninitialized variable

10 years agotelnet.c: fix possible use of non-null-terminated strings
Marc Hoersken [Sat, 19 Apr 2014 12:26:02 +0000 (14:26 +0200)]
telnet.c: fix possible use of non-null-terminated strings

10 years agourl.c: fix possible use of non-null-terminated string with strlen
Marc Hoersken [Sat, 19 Apr 2014 12:25:32 +0000 (14:25 +0200)]
url.c: fix possible use of non-null-terminated string with strlen

Follow up on b0e742544be22ede33206a597b22682e51e0c676

10 years agotool_writeout.c: initialize string pointer variable
Marc Hoersken [Fri, 18 Apr 2014 22:24:25 +0000 (00:24 +0200)]
tool_writeout.c: initialize string pointer variable

10 years agotool_formparse.c: fix possible use of non-null-terminated strings
Marc Hoersken [Fri, 18 Apr 2014 22:17:47 +0000 (00:17 +0200)]
tool_formparse.c: fix possible use of non-null-terminated strings

10 years agourl.c: fix possible use of non-null-terminated string with strlen
Marc Hoersken [Fri, 18 Apr 2014 22:17:21 +0000 (00:17 +0200)]
url.c: fix possible use of non-null-terminated string with strlen

10 years agoconnect.c: fix multiple possible dereferences of null pointers
Marc Hoersken [Fri, 18 Apr 2014 21:56:54 +0000 (23:56 +0200)]
connect.c: fix multiple possible dereferences of null pointers

In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.

10 years agotftp.c: fix possible dereference of null pointer
Marc Hoersken [Fri, 18 Apr 2014 21:53:48 +0000 (23:53 +0200)]
tftp.c: fix possible dereference of null pointer

10 years agotool_urlglob.c: added some comments to clarify for loop conditions
Marc Hoersken [Fri, 18 Apr 2014 21:28:26 +0000 (23:28 +0200)]
tool_urlglob.c: added some comments to clarify for loop conditions

I was tempted to change those to >= 0 until I saw that this is
actually a for loop that terminates once i underflows.

10 years agosocks_sspi.c: added pointer guards to FreeContextBuffer calls
Marc Hoersken [Fri, 18 Apr 2014 21:24:41 +0000 (23:24 +0200)]
socks_sspi.c: added pointer guards to FreeContextBuffer calls

The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.

10 years agomd5.c: fix use of uninitialized variable
Marc Hoersken [Fri, 18 Apr 2014 20:59:25 +0000 (22:59 +0200)]
md5.c: fix use of uninitialized variable