- Windows command prompt doesn't use literal quoting via single quotes.
- Windows command prompt inner double quotes are escaped with a
backslash.
- Windows powershell does use single quotes but curl is not a powershell
script so the arguments may not be passed on correctly.
- Windows powershell inner double quotes seems can be passed to curl if
the outer quotes are double quotes and an escape of backslash-backtick
is used.
Command prompt example:
~~~
getargs -v -d "\"a\""
argv[0]: getargs
argv[1]: -v
argv[2]: -d
argv[3]: "a"
~~~
Ref: https://github.com/curl/curl/issues/8818
Ref: https://gist.github.com/jay/19aba48653bd591cf4b90eb9249a302c
Reported-by: KotlinIsland@users.noreply.github.com
Closes https://github.com/curl/curl/pull/8823
Explicitly initialize gss_buffer_desc strings such that a call to
freeing resources will succeed even if no data has been allocated
to it.
Reported-by: Jay Satiro <raysatiro@yahoo.com>
In case gss_display_status() returns an error, avoid trying to add
it to the buffer as the message may well be a NULL pointer.
Originally this fix comes from a discussion in issue #8816.
Closes: #8832
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
This makes it more likely that the trailer is received
seperately from the last-chunk.
curl doesn't seem to care about this but it makes the tests
more useful when testing external proxies like Privoxy.
This allows to use write delays for large responses without
resulting in the test taking an unreasonable amount of time.
In many cases delaying writes by a whole second or more isn't
necessary for the desired effect.
Closes#8827
We need to check if the strchr() call returns NULL (due to missing
char) before we use the returned value in arithmetic. There is no
live bug here, but fixing it before it can become for hygiene.
Closes: #8814
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
We have lots of unchecked msnprintf calls, and this particular msnprintf
call isn't more interesting than the others, but this one yields a Coverity
warning so let's implicitly silence it. Going over the other invocations
is probably a worthwhile project, but for now let's keep the static
analyzers happy.
Closes: #8831
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
The check for a dot in the domain must not consider a single trailing
dot to be fine, as then TLD + trailing dot is fine and curl will accept
setting cookies for it.
CVE-2022-27779
Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27779.htmlCloses#8820
When --remove-on-error is used with --no-clobber, it might have an
updated file name to remove.
Bug: https://curl.se/docs/CVE-2022-27778.html
CVE-2022-27778
Reported-by: Harry Sintonen
Closes#8824
The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be
escaped to not mean start of italic formatting. This is consistent
with docs/RELEASE-PROCEDURE.md.
Closes: #8802
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Silences the warning:
CC socksd-socksd.o
socksd.c:143:13: warning: no previous extern declaration for
non-static variable 'reqlogfile' [-Wmissing-variable-declarations]
const char *reqlogfile = DEFAULT_REQFILE;
^
socksd.c:143:7: note: declare 'static' if the variable is not
intended to be used outside of this translation unit
const char *reqlogfile = DEFAULT_REQFILE;
^
1 warning generated.
... when compiling with clang 13.
Closes: #8799
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Commit 980a47b42 added support for ignoring session cookies, but it
was never added to the documentation.
Closes: #8795
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
