Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on May 22, 2015
  1. security: fix "Unchecked return value" from sscanf()

    authored
    By (void) prefixing it and adding a comment. Did some minor related
    cleanups.
    
    Coverity CID 1299423.
  2. security: simplify choose_mech

    authored
    Coverity CID 1299424 identified dead code because of checks that could
    never equal true (if the mechanism's name was NULL).
    
    Simplified the function by removing a level of pointers and removing the
    loop and array that weren't used.
  3. RTSP: catch attempted unsupported requests better

    authored
    Replace use of assert with code that properly catches bad input at
    run-time even in non-debug builds.
    
    This flaw was sort of detected by Coverity CID 1299425 which claimed the
    "case RTSPREQ_NONE" was dead code.
  4. share_init: fix OOM crash

    authored
    A failed calloc() would lead to NULL pointer use.
    
    Coverity CID 1299427.
  5. parse_proxy: switch off tunneling if non-HTTP proxy

    authored
    non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL
    
    Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
    Reported-by: Sean Boudreau
  6. curl: fix potential NULL dereference

    authored
    Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
  7. http2: on_frame_recv: return early on stream 0

    authored
    Coverity CID 1299426 warned about possible NULL dereference otherwise,
    but that would only ever happen if we get invalid HTTP/2 data with
    frames for stream 0. Avoid this risk by returning early when stream 0 is
    used.
  8. http: removed self assignment

    authored
    Follow-up fix from b0143a2
    
    Detected by coverity. CID 1299429
  9. @tatsuhiro-t

    http2: Make HTTP Upgrade work

    tatsuhiro-t authored committed
    This commit just add implicitly opened stream 1 to streams hash.
  10. @jay

    strerror: Change SEC_E_ILLEGAL_MESSAGE description

    jay authored
    Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
    and language specific, and invariably translated to something not very
    helpful like: "The message received was unexpected or badly formatted."
    
    Bug: #267
    Reported-by: Michael Osipov
  11. @jay

    telnet: Fix read-callback change for Windows builds

    jay authored
    Refer to b0143a2 for more information on the read-callback change.
Commits on May 21, 2015
  1. @dfandrich

    testcurl.pl: allow source to be in an arbitrary directory

    dfandrich authored
    This way, the build directory can be located on an entirely different
    filesystem from the source code (e.g. a tmpfs).
Commits on May 20, 2015
  1. read_callback: move to SessionHandle from connectdata

    authored
    With many easy handles using the same connection for multiplexing, it is
    important we store and keep the transfer-oriented stuff in the
    SessionHandle so that callbacks and callback data work fine even when
    many easy handles share the same physical connection.
  2. http2: show stream IDs in decimal

    authored
    It makes them easier to match output from the nghttpd test server.
  3. @tatsuhiro-t

    http2: Faster http2 upload

    tatsuhiro-t authored committed
    Previously, when we send all given buffer in data_source_callback, we
    return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream
    temporarily for writing.  This itself is good.  If this is the sole
    stream in the session, nghttp2_session_want_write() returns zero,
    which means that libcurl does not check writeability of the underlying
    socket.  This leads to very slow upload, because it seems curl only
    upload 16k something per 1 second.  To fix this, if we still have data
    to send, call nghttp2_session_resume_data after nghttp2_session_send.
    This makes nghttp2_session_want_write() returns nonzero (if connection
    window still opens), and as a result, socket writeability is checked,
    and upload speed becomes normal.
  4. @lumag

    gtls: don't fail on non-fatal alerts during handshake

    lumag authored committed
    Stop curl from failing when non-fatal alert is received during
    handshake.  This e.g. fixes lots of problems when working with https
    sites through proxies.
  5. curl_easy_unescape.3: update RFC reference

    authored
    Reported-by: bsammon
    Bug: #282
  6. @jay

    CURLOPT_POSTFIELDS.3: Mention curl_easy_escape

    jay authored
    .. also correct some variable naming in curl_easy_escape.3
    
    Bug: #281
    Reported-by: bsammon@users.noreply.github.com
Commits on May 19, 2015
  1. @bprodoehl

    openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg

    bprodoehl authored committed
    BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl
    and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and
    OpenSSL.
    
    re #275
  2. @jay
  3. @kdudka

    http: silence compile-time warnings without USE_NGHTTP2

    kdudka authored
    Error: CLANG_WARNING:
    lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read
    
    Error: COMPILER_WARNING:
    lib/http.c: scope_hint: In function ‘http_disconnect’
    lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
  4. @jay

    transfer: Replace __func__ instances with function name

    jay authored
    .. also make __func__ replacement in multi.
    
    Prior to this change debug builds would fail to build if the compiler
    was building pre-c99 and didn't support __func__.
  5. @vszakats

    build: bump version in default nghttp2 paths

    vszakats authored committed
  6. @jay
Commits on May 18, 2015
  1. http2: store upload state per stream

    authored
    Use a curl_off_t for upload left
  2. http2: switch to use Curl_hash_destroy()

    authored
    as after 4883f70, the *_clean() function only flushes the hash.
  3. curlver: restore LIBCURL_VERSION_NUM defined as a full number

    authored
    As it breaks configure, curl-config and test 1023 if not.
  4. @aavina

    hostip: fix unintended destruction of hash table

    aavina authored committed
    .. and added unit1602 for hash.c
  5. @tatsuhiro-t

    http2: Ignore if we have stream ID not in hash in on_stream_close

    tatsuhiro-t authored committed
    We could get stream ID not in the hash in on_stream_close.  For
    example, if we decided to reject stream (e.g., PUSH_PROMISE), then we
    don't create stream and store it in hash with its stream ID.
Something went wrong with that request. Please try again.