Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

Patrick Monnerat
x509asn1: replace single char with an array
Although safe in this context, using a single char as an array may
cause invalid accesses to adjacent memory locations.

Detected by Coverity.
Jay Satiro
easy: fix win32 init to work without CURL_GLOBAL_WIN32
- Change the behavior of win32_init so that the required initialization
  procedures are not affected by CURL_GLOBAL_WIN32 flag.

libcurl via curl_global_init supports initializing for win32 with an
optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
Winsock initialization. It did so internally by skipping win32_init()
when that flag was set. Since then win32_init() has been expanded to
include required initialization routines that are separate from
Winsock and therefore must be called in all cases. This commit fixes
it so that CURL_GLOBAL_WIN32 only controls the optional win32
initialization (which is Winsock initialization, according to our doc).

The only users affected by this change are those that don't pass
CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
risk of a potential crash.

Ref: https://github.com/curl/curl/pull/3573

Fixes https://github.com/curl/curl/issues/3313
Closes https://github.com/curl/curl/pull/3575
Patrick Monnerat
curl: "Dereference of null pointer"
Rephrase to satisfy scan-build.
Daniel Stenberg
KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
Closes #2905
Daniel Gustafsson
cookie: Add support for cookie prefixes
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Patrick Monnerat
cli tool: fix mime post with --disable-libcurl-option configure option
Reported-by: Marcel Raad
Fixes #3576
Closes #3583
Daniel Stenberg
TODO: Upgrade to websockets
Closes #3523
Daniel Stenberg
x509asn1: cleanup and unify code layout
- rename 'n' to buflen in functions, and use size_t for them. Don't pass
  in negative buffer lengths.

- move most function comments to above the function starts like we use

- remove several unnecessary typecasts (especially of NULL)

Reviewed-by: Patrick Monnerat
Closes #3582
Daniel Stenberg
Curl_now: figure out windows version in win32_init
... and avoid use of static variables that aren't thread safe.

Fixes regression from e9ababd4f5a (present in the 7.64.0 release)

Reported-by: Paul Groke
Fixes #3572
Closes #3573
Patrick Monnerat
version.c: silent scan-build even when librtmp is not enabled
Daniel Stenberg
multi: Dereference of null pointer
Mostly a false positive, but this makes the code easier to read anyway.

Detected by scan-build.

Closes #3563
Daniel Stenberg
examples: remove superfluous null-pointer checks
in ftpget, ftpsget and sftpget, so that scan-build stops warning for
potential NULL pointer dereference below!

Detected by scan-build
Daniel Stenberg
examples/http2-download: cleaned up
To avoid scan-build warnings and global variables.
Daniel Stenberg
examples/http2-serverpush: add some sensible error checks
To avoid NULL pointer dereferences etc in the case of problems.

Closes #3580
Daniel Stenberg
configure: show features as well in the final summary
Closes #3569
Daniel Stenberg
TODO: TFO support on Windows
Nobody works on this now.

Closes #3378
Daniel Stenberg
KNOWN_BUGS: Cannot compile against a static build of OpenLDAP
Closes #2367
Daniel Stenberg
travis: enable valgrind for the iconv tests too
Closes #3571
Daniel Stenberg
examples/httpcustomheader: Value stored to 'res' is never read
Detected by scan-build
Daniel Stenberg
http: make adding a blank header thread-safe
Previously the function would edit the provided header in-place when a
semicolon is used to signify an empty header. This made it impossible to
use the same set of custom headers in multiple threads simultaneously.

This approach now makes a local copy when it needs to edit the string.

Reported-by: d912e3 on github
Fixes #3578
Closes #3579
Daniel Stenberg
KNOWN_BUGS: Deflate error after all content was received
Closes #2719
Daniel Stenberg
travis: add scan-build
Closes #3564
Daniel Stenberg
TODO: cmake test suite improvements
Closes #3109
Marcel Raad
unit1307: require FTP support
This test doesn't link without FTP support after
fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
unavailable without FTP support.

Closes https://github.com/curl/curl/pull/3565
Daniel Stenberg
curl_multi_remove_handle.3: use at any time, just not from within callbacks
[ci skip]
Daniel Stenberg
Daniel Stenberg
unit1651: survive curl_easy_init() fails
Patrick Monnerat
transfer.c: do not compute length of undefined hex buffer.
On non-ascii platforms, the chunked hex header was measured for char code
conversion length, even for chunked trailers that do not have an hex header.
In addition, the efective length is already known: use it.
Since the hex length can be zero, only convert if needed.

Reported by valgrind.
Daniel Stenberg
examples/sftpuploadresume: Value stored to 'result' is never read
Detected by scan-build
Daniel Stenberg
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
Detected by scan-build
Daniel Stenberg
memdebug: bring back curl_mark_sclose
Used by debug builds with NSS.

Reverted from 05b100aee247bb
Patrick Monnerat
x509asn1: "Dereference of null pointer"
Detected by scan-build (false positive).
Jay Satiro
connection_check: restore original conn->data after the check
- Save the original conn->data before it's changed to the specified
  data transfer for the connection check and then restore it afterwards.

This is a follow-up to 38d8e1b 2019-02-11.


It was discovered a month ago that before checking whether to extract a
dead connection that that connection should be associated with a "live"
transfer for the check (ie original conn->data ignored and set to the
passed in data). A fix was landed in 54b201b which did that and also
cleared conn->data after the check. The original conn->data was not
restored, so presumably it was thought that a valid conn->data was no
longer needed.

Several days later it was discovered that a valid conn->data was needed
after the check and follow-up fix was landed in bbae24c which partially
reverted the original fix and attempted to limit the scope of when
conn->data was changed to only when pruning dead connections. In that
case conn->data was not cleared and the original conn->data not

A month later it was discovered that the original fix was somewhat
correct; a "live" transfer is needed for the check in all cases
because original conn->data could be null which could cause a bad deref
at arbitrary points in the check. A fix was landed in 38d8e1b which
expanded the scope to all cases. conn->data was not cleared and the
original conn->data not restored.

A day later it was discovered that not restoring the original conn->data
may lead to busy loops in applications that use the event interface, and
given this observation it's a pretty safe assumption that there is some
code path that still needs the original conn->data. This commit is the
follow-up fix for that, it restores the original conn->data after the
connection check.

Assisted-by: tholin@users.noreply.github.com
Reported-by: tholin@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/3542
Closes #3559
Daniel Stenberg
strip_trailing_dot: make sure NULL is never used for strlen
scan-build warning: Null pointer passed as an argument to a 'nonnull'
Daniel Stenberg
gssapi: fix deprecated header warnings
Heimdal includes on FreeBSD spewed out lots of them. Less so now.

Closes #3566
Daniel Stenberg
examples/http2-upload: cleaned up
Fix scan-build warnings, no globals, no silly handle scan. Also remove
handles from the multi before cleaning up.
Frank Gevaerts
rand: Fix a mismatch between comments in source and header.
Reported-by: Björn Stenberg <bjorn@haxx.se>
Closes #3584
Marcel Raad
unit1307: just fail without FTP support
I missed to check this in with commit
71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
This fixes the actual linker error.

Closes https://github.com/curl/curl/pull/3568
Patrick Monnerat
cli tool: refactor encoding conversion sequence for switch case fallthrough.
Daniel Gustafsson
mbedtls: release sessionid resources on error
If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #3574
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>