Age | Commit message | Author | Files | Lines
2020-09-18 | Add strict-ssl-check option to avoid unexpected 56 error [tizen_6.0.m2_release, submit/tizen_base/20200921.004003, submit/tizen_6.0_base_hotfix/20201102.162701, submit/tizen_6.0_base_hotfix/20201030.192501, submit/tizen_6.0_base/20201029.184801, accepted/tizen/base/20200922.032751, accepted/tizen/6.0/base/hotfix/20201102.093310, accepted/tizen/6.0/base/20201029.110343, tizen_6.0_base_hotfix, accepted/tizen_6.0_base_hotfix] | Seonah Moon | 2 | -1/+18
SSL_ERROR_SYSCALL has been handled a little stricter since curl 7.67. (For example, a 56 error occurs when the server closes the connection abruptly without a close_notify alert.) The change is applied only in debug builds for compatibility with older peers. However, curl in Tizen is built with the debug option. So, an unexpected 56 error can occur. To avoid it, this patch creates a new option and disables it. Change-Id: I6d2b493aa1ce1ea2ce7fe1151f8948537e52c332
2020-05-28 | mime: properly check Content-Type even if it has parameters [submit/tizen_base/20200601.000728, accepted/tizen/base/20200608.211016] | Seonah Moon | 3 | -3/+84
New test 669 checks this fix is effective. Fixes #5256 Reported-by: thanhchungbtc on github https://github.com/curl/curl/pull/5258/commits/96819869a975277308ef88b256f9ab9b788091f5 Change-Id: Icc77c1f01a859cb821dccc5a9cb1003e4e166117
2020-02-27 | Imported Upstream version 7.68.0 [submit/tizen_base/20200228.034800, submit/tizen_base/20200228.034741, accepted/tizen/base/20200302.014345] | Seonah Moon | 1589 | -44297/+60037
Change-Id: Ifa484ccc2d444376bfa8c21ca8d9b63d8f48bf05
2020-02-24 | Imported Upstream version 7.68.0 [upstream/7.68.0] | Seonah Moon | 1590 | -44217/+60360
Change-Id: I37422e43c2c4c25904a4fc2a391c4a32ba3b9f5c
2020-02-04 | Migrate to openssl 1.1 [submit/tizen_base/20200205.050526, accepted/tizen/base/20200207.013553] | Seonah Moon | 1 | -2/+1
Change-Id: I465e6d39e1e167784bc79989c4b039721f61adc1
2020-01-09 | http2: don't call stream-close on already closed streams [submit/tizen_base/20200109.040447, accepted/tizen/base/20200110.070424] | Seonah Moon | 1 | -4/+4
- bug: https://github.com/curl/curl/issues/4043 - fix: https://github.com/curl/curl/commit/c0c40ab075cdf86424dfe346a70a31b08dc651da Change-Id: I90808233da69e8fc3d03189f8514bca1f73d90ee
2020-01-07 | Fix segfault in h2_session_send [submit/tizen_base/20200108.091030] | Nishant Chaprana | 1 | -2/+3
The crash is observed after below patches are applied:- Crash in upstream libcurl: https://github.com/curl/curl/commit/fb445a1e18d12f577964c9347bc5bca74b37cd08 Crash in Tizen: https://review.tizen.org/gerrit/#/c/platform/upstream/curl/+/220576 The same crash has been reported in upstream libcurl package. Issue #1: https://github.com/curl/curl/issues/3463 Issue #2: https://github.com/curl/curl/issues/3541 Below are the solution patches used for creating this fix: Patch #1: https://github.com/curl/curl/commit/54b201b48c90a2fb03c2baf90837c6b63adbc344 Patch #2: https://github.com/curl/curl/commit/f1af63149389cab2519b39b8056df68f5df36b91 Patch #3: https://github.com/curl/curl/commit/4015fae044ce52a639c9358e22a9e948f287c89f Change-Id: Iaa4a05feb6a66d9781d4e7ae07297ce369744d3d Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2019-12-20 | url: make Curl_close() NULLify the pointer too. [submit/tizen_base/20191220.141841, accepted/tizen/base/20191223.060023] | Daniel Stenberg | 7 | -21/+21
This is the common pattern used in the code and by a unified approach we avoid mistakes. Backported patch details: https://github.com/curl/curl/commit/dcd7e37c3a0ce108635b89cacc1e3425e57bd3bc Change-Id: I453175ca40d8e8dfa7611f026ec7513dc230d16f Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-12-19 | disconnect: set conn->data for protocol disconnect | Daniel Stenberg | 1 | -0/+3
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the current transfer when invoking the protocol-specific disconnect function so that it can work correctly. Backported patch details: https://github.com/curl/curl/commit/f3ce38739fa49008e36959aa8189c01ab1bad5b5 Change-Id: I0f86f4f9e086ebc0954f0d9935830bb93acb4090 Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-12-19 | disconnect: separate connections and easy handles better | Daniel Stenberg | 4 | -13/+13
Do not assume/store association between a given easy handle and the connection if it can be avoided. Long-term, the 'conn->data' pointer should probably be removed as it is a little too error-prone. Still used very widely though. Backported patch details: https://github.com/curl/curl/pull/3400/commits/fb445a1e18d12f577964c9347bc5bca74b37cd08 Change-Id: I18aa2cb7097b8598c90ddf8c8c68a9fecd86e295 Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-12-13 | Revert "ares: remove fd from multi fd set when ares is about to close the fd" [submit/tizen_base/20191213.140919, accepted/tizen/base/20191215.222036] | Niraj Kumar Goit | 9 | -43/+31
ares: remove fd from multi fd set when ares is about to close the fd 8dfb92873af9de5d883e191e0097be32c78a7d0f Change-Id: Ic6ce203ae3609a539f70c5ae4cb1d4b3812ae80d Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-12-12 | Change HAPPY_EYEBALLS_DNS_TIMEOUT to 1 sec for TV profile [submit/tizen_base/20191213.011654] | Seonah Moon | 1 | -0/+4
Change-Id: I8f29a511322905036005cf8df13640518c6be7bc
2019-12-12 | Apply the Happy Eyeballs philosophy to parallel c-ares queries | Seonah Moon | 2 | -0/+91
Change-Id: Ic067a067b2562a1b2b4f978f32f20b269abd0886
2019-12-02 | curl_multi_remove_handle() don't block terminating c-ares requests [submit/tizen_base/20191204.120048, accepted/tizen/base/20191208.221818] | Niraj Kumar Goit | 8 | -19/+225
Added Curl_resolver_kill() for all three resolver modes, which only blocks when necessary, along with test 1592 to confirm curl_multi_remove_handle() doesn't block unless it must. Backported patch details: https://github.com/curl/curl/commit/84a30d0a419ad95c53cbdfc76eb2eb75d2e51835 Change-Id: I40917dbf8262249250942c9dcb71a31e6cf0df90 Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-12-02 | ares: remove fd from multi fd set when ares is about to close the fd | Niraj Kumar Goit | 8 | -30/+42
When using c-ares for asyn dns, the dns socket fd was silently closed by c-ares without curl being aware. curl would then 'realize' the fd has been removed at next call of Curl_resolver_getsock, and only then notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with CURL_POLL_REMOVE. At this point the fd is already closed. By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this patch allows curl to be notified that the fd is no longer needed for either write or read. At this point by calling Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE before the fd is actually closed by ares. In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore since it does not allow passing a different sock_state_cb_data Backported patch details: https://github.com/curl/curl/commit/6765e6d9e6a32bb4fc666d744cb57e2d55d4e13b Change-Id: I62b2d244cb0f38a4c4a76ad804c7fd69f9222484 Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-10-30 | Curl_fillreadbuffer: avoid double-free trailer buf on error [submit/tizen_base/20191031.113633, accepted/tizen/base/20191105.214055] | Seonah Moon | 1 | -3/+7
Backported Patch link: https://github.com/curl/curl/pull/4307 Change-Id: I5b695b661cf946b74e065d1a65697e74d7ef8af6
2019-10-08 | Revert "Use openssl-1.1" [tizen_5.5.m2_release, submit/tizen_base/20191010.142237, submit/tizen_5.5_base_mobile_hotfix/20201023.171501, submit/tizen_5.5_base/20191030.000001, accepted/tizen/base/20191011.075552, accepted/tizen/5.5/base/mobile/hotfix/20201023.085904, accepted/tizen/5.5/base/20191030.084341, tizen_5.5_base_mobile_hotfix, accepted/tizen_5.5_base_mobile_hotfix] | Seonah Moon | 1 | -1/+1
This reverts commit 6b333876d2db240bd01e0dcec950b2d12dc8eae5. Change-Id: Ia687599375fb2953e9df43f7195877726c5ffa29
2019-09-24 | http2: Stop drain from being permanently set on [submit/tizen_base/20190924.062848, accepted/tizen/base/20190929.221333] | Seonah Moon | 1 | -3/+4
Various functions called within Curl_http2_done() can have the side-effect of setting the Easy connection into drain mode (by calling drain_this()). However, the last time we unset this for a transfer (by calling drained_transfer()) is at the beginning of Curl_http2_done(). If the Curl_easy is reused for another transfer, it is then stuck in drain mode permanently, which in practice makes it unable to write any data in the new transfer. This fix moves the last call to drained_transfer() to later in Curl_http2_done(), after the functions that could potentially call for a drain. Fixes #3966 Reported-by: Josie-H Change-Id: I83ee02bf9017c9aa3d27d50580a0f89b8ec1d05d
2019-09-19 | security:read_data fix bad realloc() [submit/tizen_base/20190919.235053, accepted/tizen/base/20190921.035901] | Daniel Stenberg | 1 | -4/+2
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html Change-Id: I4eab9aceba3ad01607eb4f302200e9f949ea4312
2019-09-19 | ftp: Alloc maximum blksize, and use default unless OACK is received | Seonah Moon | 1 | -3/+9
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 Change-Id: I6c63f958f4b49aa214ea4adb55c8f85a4b1606cc
2019-07-31 | tftp: use the current blksize for recvfrom() [submit/tizen_base/20190812.223828, accepted/tizen/base/20190818.221630] | Daniel Stenberg | 1 | -1/+1
bug: https://curl.haxx.se/docs/CVE-2019-5436.html Reported-by: l00p3r on hackerone CVE-2019-5436 Backported patch link: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275.patch Change-Id: Ic6093d1d475ed9ba87e41cff315befdc3aca9c1d Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2019-07-24 | Merge "curl_easy_perform: fix timeout handling" into tizen_base [submit/tizen_base/20190724.065731, accepted/tizen/base/20190730.013322] | Jaehyun Kim | 3 | -5/+30
2019-07-23 | curl_easy_perform: fix timeout handling | Daniel Stenberg | 3 | -5/+30
curl_multi_wait() was erroneously used from within curl_easy_perform(). It could lead to it believing there was no socket to wait for and then instead sleep for a while instead of monitoring the socket and then miss acting on that activity as swiftly as it should (causing an up to 1000 ms delay). Reported-by: Antoni Villalonga Fixes #3305 Closes #3306 Backported patch details: https://github.com/curl/curl/commit/d04cef9ce1d710902d90b62de01115b9bbe958bf.patch Change-Id: I08d95e996dd9bab5d9fd7c7fe581fdb40c8a0de8 Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
2019-07-23 | CURL_MAX_INPUT_LENGTH: largest acceptable string input size | Seonah Moon | 3 | -0/+19
This limits all accepted input strings passed to libcurl to be less than CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: curl_easy_setopt() and curl_url_set(). The 8000000 number is arbitrarily picked and is meant to detect mistakes or abuse, not to limit actual practical use cases. By limiting the acceptable string lengths we also reduce the risk of integer overflows all over. NOTE: This does not apply to `CURLOPT_POSTFIELDS`. Test 1559 verifies. Closes #3805 CVE-2019-5435 Change-Id: I0a6d76769e1471352a477a8b1160672757a2de54
2019-05-09 | Merge "Use openssl-1.1" into tizen_base [submit/tizen_base/20190530.012430, submit/tizen_base/20190509.092220, accepted/tizen/base/20190530.225335] | cheoleun moon | 1 | -1/+1
2019-05-09 | link missed library for DLP | Seonah Moon | 1 | -0/+1
Change-Id: I77ab3d84ffae5851d9a81a8f834dfce08b34bf6f
2019-05-09 | Revert "link missed library for DLP" | Seonah Moon | 1 | -1/+0
This reverts commit 14bcc6b79f4f26ee7821f1809961bddc3a1ae63d. Change-Id: I2fe882d909e8a4d0669ad4a5a63a856ebd0b6d53
2019-05-09 | link missed library for DLP | Seonah Moon | 1 | -0/+1
Change-Id: If9719a2c13e7d2f37ed1d53b81f070fbfd5bc022
2019-05-07 | Use openssl-1.1 | Cheoleun Moon | 1 | -1/+1
Change-Id: I152d19a11c8bd12e63c3e573bba73668262099e8 Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
2019-03-09 | NTLM: fix size check condition for type2 received data [submit/tizen_base/20190531.050615, submit/tizen_base/20190311.044245, accepted/tizen/base/20190531.081959, accepted/tizen/base/20190316.131826] | Nishant Chaprana | 2 | -4/+5
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html Reported-by: Wenxiang Qian CVE-2018-16890 Backported patch details:- Link: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb.patch Change-Id: I15fc8002280680a7cf194dd02a5d7751cc7dbc71 Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2019-03-09 | ntlm: fix *_type3_message size check to avoid buffer overflow | Nishant Chaprana | 2 | -5/+8
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html Reported-by: Wenxiang Qian CVE-2019-3822 Backported patch details:- Link: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc.patch Change-Id: I40a37af26b81a4cefe4a26f19697e7a73b17eaf6 Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2019-03-09 | smtp: avoid risk of buffer overflow in strtol | Nishant Chaprana | 2 | -3/+7
If the incoming len is 5, but the buffer does not have a termination after 5 bytes, the strtol() call may keep reading through the line buffer until it exceeds its boundary. Fix by ensuring that we are using a bounded read with a temporary buffer on the stack. Bug: https://curl.haxx.se/docs/CVE-2019-3823.html Reported-by: Brian Carpenter (Geeknik Labs) CVE-2019-3823 Backported patch details:- Link: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484.patch Change-Id: Ie00a759a464e51ded79d2288844053740db055b4 Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2018-12-04 | Merge "Force to use getifaddrs() to get interface addresses" into tizen_base [submit/tizen_base/20181204.044034, accepted/tizen/base/20181207.120234] | cheoleun moon | 1 | -1/+2
2018-11-20 | Force to use getifaddrs() to get interface addresses | Seonah Moon | 1 | -1/+2
Change-Id: I19edb6f0066af959de76d86e75eabfee29ea5c00
2018-11-08 | Merge tag 'upstream/7.62.0' into tizen_base | Seonah Moon | 2183 | -100521/+115602
Change-Id: I9fd8d310e211fdeb3b0e60097b6bd81fb8e78e9b
2018-11-08 | Imported Upstream version 7.62.0 [upstream/7.62.0] | Seonah Moon | 2182 | -100528/+115269
Change-Id: Ie916d8e445e0cc69e112cee470744a96a9c84799
2018-09-20 | Set dns timeout and tries for TV [submit/tizen_base/20180920.024635, submit/tizen_5.0_base/20181101.000001, accepted/tizen/base/20180921.230933, accepted/tizen/5.0/base/20181101.091223] | Seonah Moon | 2 | -3/+20
Change-Id: Id46d468d2dcf15ec39dabf45f5edf077a260f6f7
2018-09-18 | Add cipher selection for TV [submit/tizen_base/20180918.070325] | Seonah Moon | 1 | -1/+12
ipv6 option will be enabled next commit Change-Id: Ie0e32617cf8140b6267b82548bc9b531de2f09d5
2018-09-14 | Enable IPv6 for TV | Seonah Moon | 1 | -1/+1
Change-Id: I409747255d59b5e67716b606ce8c377b652fe72c
2018-09-14 | Revert "Enable IPv6 for TV" | Seonah Moon | 1 | -1/+1
This reverts commit 5ca14f8d2be7326d956b3aa61f45102c472b0392.
2018-09-14 | Enable IPv6 for TV | Seonah Moon | 1 | -1/+1
Change-Id: I53d34c6604be5cc01583f1b148c8fb4ad9db83e9
2018-07-02 | pingpong: fix response cache memcpy overflow [submit/tizen_base/20180704.234207, accepted/tizen/base/20180706.152742] | Seonah Moon | 1 | -1/+4
Response data for a handle with a large buffer might be cached and then used with the "closure" handle when it has a smaller buffer and then the larger cache will be copied and overflow the new smaller heap based buffer. Reported-by: Dario Weisser CVE: CVE-2018-1000300 Bug: https://curl.haxx.se/docs/adv_2018-82c2.htm Change-Id: I02d35b9494356aaec1ca1f8eab0353a58c849e11
2018-07-02 | ... leaving the k->str could lead to buffer over-reads later on. | Seonah Moon | 1 | -1/+5
CVE: CVE-2018-1000301 Assisted-by: Max Dymond Detected by OSS-Fuzz. Bug: https://curl.haxx.se/docs/adv_2018-b138.html Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 Change-Id: I0bd3b891aef2bf08fdb485d135e695c2eeab86a7
2018-05-08 | Modify macro for tv profile [submit/tizen_base/20180508.004801, accepted/tizen/base/20180511.213756] | chleun.moon | 1 | -1/+1
Change-Id: Idb324c07ce007d1949f790c75cf703ff269e342f Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
2018-04-20 | Apply DLP feature | Seonah Moon | 5 | -3/+46
Change-Id: I5d53e6655bb57364d5008a1beab388b7ba53be66
2018-04-20 | Use icu library for IDN feature | Seonah Moon | 2 | -0/+28
Change-Id: I13eaf3ca85d8b516dbc091acae9646e705a75f5e
2018-04-20 | Update version to 7.59.0 | Seonah Moon | 2151 | -106204/+206127
Change-Id: I6be132aa9b0e2b3be821aae3cdac292525a7aa09
2018-04-12 | Imported Upstream version 7.59.0 [upstream/7.59.0] | Seonah Moon | 2152 | -107385/+161791
Change-Id: I06221d49da39082f95030ab57617a1e23fbda58b
2018-01-25 | Disable the IDN feature temporary [submit/tizen_base/20180502.021447, submit/tizen_base/20180419.073756, submit/tizen_base/20180417.011946, submit/tizen/20180125.065647, accepted/tizen/unified/20180126.042834, accepted/tizen/base/20180504.063502] | Seonah Moon | 1 | -2/+0
This feature will be enabled after resolving build dependency issue Change-Id: I6b7d8292015adbe5b488210176cf19c085b0aaf1
2018-01-24 | Merge "Use icu library for IDN feature" into tizen [submit/tizen/20180124.050653] | taesub kim | 0 | -0/+0