curl/lib
Daniel Stenberg 19f66c7575 Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042
2005-02-22 07:44:14 +00:00
.cvsignore
amigaos.c
amigaos.h
arpa_telnet.h Make some more arrays of pointers const. 2004-12-20 18:23:43 +00:00
base64.c Add 'const' to immutable arrays. 2004-12-15 01:38:25 +00:00
base64.h killed trailing whitespace 2004-11-29 12:11:46 +00:00
ca-bundle.crt
config-amigaos.h Dan Fandrich: 2004-12-11 18:47:22 +00:00
config-mac.h
config-riscos.h Dan Fandrich: 2004-12-11 18:47:22 +00:00
config-vms.h Dan Fandrich: 2004-12-11 18:47:22 +00:00
config-win32.h Watcom has strtoll(). 2004-12-17 19:57:50 +00:00
config-win32ce.h Replace MINGW32 with built-in __MINGW32__. 2004-12-06 14:43:04 +00:00
config.dj Dan Fandrich: 2004-12-11 18:47:22 +00:00
connect.c close the socket properly when returning error due to failing localbind 2005-02-17 14:45:03 +00:00
connect.h conn->ip_addr MUST NOT be used on re-used connections 2005-01-29 13:07:16 +00:00
content_encoding.c Fix for a bug report that compressed files that are exactly 64 KiB long 2005-02-07 19:12:37 +00:00
content_encoding.h
cookie.c Rune Kleveland fixed a minor memory leak for received cookies with the (rare) 2004-12-22 22:33:31 +00:00
cookie.h
curllib.dsw
curlx.h
dict.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
dict.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
easy.c better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
easyif.h Renamed easy.h and multi.h to easyif.h and multiif.h to make sure they don't 2005-01-11 15:25:29 +00:00
escape.c
escape.h
file.c Removed all uses of strftime() since it uses the localised version of the 2005-02-11 00:03:49 +00:00
file.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
formdata.c C ensures that static variables are initialized to 0 2004-12-22 20:12:15 +00:00
formdata.h
ftp.c Fixed bad krb4 code. It always tried to use krb4 if built enabled. 2005-02-11 22:50:57 +00:00
ftp.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
getenv.c
getinfo.c Renamed a struct member to avoid conflict with a C++ reserved word. 2004-12-16 21:27:23 +00:00
getinfo.h
hash.c Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
hash.h Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
hostares.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostasyn.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostip4.c
hostip6.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostip.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostip.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostsyn.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
hostthre.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
http_chunks.c
http_chunks.h
http_digest.c Dan Fandrich added the --disable-crypto-auth option to configure to allow 2004-11-12 09:18:14 +00:00
http_digest.h
http_negotiate.c
http_negotiate.h
http_ntlm.c Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure 2005-02-22 07:44:14 +00:00
http_ntlm.h
http.c Ralph Mitchell reported a flaw when you used a proxy with auth, and you 2005-02-18 23:53:07 +00:00
http.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
if2ip.c
if2ip.h
inet_ntoa_r.h
inet_ntop.c
inet_ntop.h
inet_pton.c Renamed a variable to avoid conflict with a C++ reserved word. 2004-12-17 20:18:53 +00:00
inet_pton.h
krb4.c Dan Fandrich added --disable-verbose 2004-11-11 16:34:24 +00:00
krb4.h
ldap.c Set 'bits.close' in case of malloc fail. 2005-02-09 14:28:35 +00:00
ldap.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
libcurl.def
libcurl.framework.make Matt Veenstra: 2004-12-08 23:02:55 +00:00
libcurl.imp
libcurl.plist Matt Veenstra updated to 7.12.3. Starting now, we'll update the version number 2004-12-08 23:09:23 +00:00
libcurl.rc
llist.c Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
llist.h Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
Makefile.am Added README.hostip 2005-01-14 13:43:29 +00:00
makefile.amiga Dan Fandrich: added some missing files. "I can't try them so they might still 2004-12-10 21:58:11 +00:00
Makefile.b32 Static lib is libcurl.lib and import lib libcurl_imp.lib. 2004-11-14 13:48:15 +00:00
makefile.dj getdate.c is gone. 2004-12-17 12:28:04 +00:00
Makefile.inc Removed all uses of strftime() since it uses the localised version of the 2005-02-11 00:03:49 +00:00
Makefile.m32 OpenSSL updates; get CA_BUNDLE from env. Assume no 2004-12-19 11:52:31 +00:00
Makefile.netware Dan Fandrich: 2004-12-11 18:47:22 +00:00
Makefile.riscos Dan Fandrich: added some missing files. "I can't try them so they might still 2004-12-10 21:58:11 +00:00
Makefile.vc6 Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch. 2005-01-18 10:17:34 +00:00
Makefile.Watcom Added '-bd' option; target is a DLL. 2005-01-12 15:32:26 +00:00
md5.c Add 'const' to immutable arrays. 2004-12-15 01:38:25 +00:00
md5.h Add 'const' to immutable arrays. 2004-12-15 01:38:25 +00:00
memdebug.c
memdebug.h Changes for removing libcurl.def file on Win32. 2004-11-09 14:00:56 +00:00
memory.h
mprintf.c Add 'const' to immutable arrays. 2004-12-15 01:38:25 +00:00
msvcproj.foot
msvcproj.head
multi.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
multiif.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
netrc.c
netrc.h
nwlib.c
parsedate.c Removed all uses of strftime() since it uses the localised version of the 2005-02-11 00:03:49 +00:00
parsedate.h Removed all uses of strftime() since it uses the localised version of the 2005-02-11 00:03:49 +00:00
progress.c As reported in Mandrake's bug tracker bug 12289 2004-11-26 14:33:13 +00:00
progress.h clean up start time and t_startsingle use so that redirect_time works properly 2004-11-15 11:27:03 +00:00
README.ares
README.curlx
README.encoding
README.hostip Added README.hostip 2005-01-14 13:43:29 +00:00
README.httpauth HTTP "auth done right". See lib/README.httpauth 2004-11-24 16:11:35 +00:00
README.memoryleak
security.c Make some arrays of pointers const, too. 2004-12-15 02:32:04 +00:00
security.h
select.c errno can by freak accident become EINTR on DOS or 2005-01-15 09:26:07 +00:00
select.h Suppress signed vs. unsigned warnings on Win32 2004-11-19 14:38:02 +00:00
sendf.c FTP third transfer support overhaul. See CHANGES for details. 2005-01-21 09:32:32 +00:00
sendf.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
setup.h Removed _WIN32_WINNT to support IPv6 under Win-2K. 2005-01-04 16:00:14 +00:00
share.c Dan Fandrich added the --disable-cookies option to configure to build 2004-12-05 23:59:32 +00:00
share.h Use plain structs and not typedef'ed ones in the hash and linked-list code. 2005-01-25 00:06:29 +00:00
speedcheck.c
speedcheck.h
ssluse.c init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
ssluse.h better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
strequal.c
strequal.h Changes for removing libcurl.def file on Win32. 2004-11-09 14:00:56 +00:00
strerror.c Handle CURLE_LOGIN_DENIED in strerror.c. 2005-02-09 13:59:40 +00:00
strerror.h
strtok.c
strtok.h
strtoofft.c
strtoofft.h Watcom uses 'i64' suffix. 2004-12-17 18:33:09 +00:00
telnet.c FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
telnet.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
timeval.c <windows.h> required for Watcom. 2004-12-17 18:32:41 +00:00
timeval.h Watcom has 'struct timeval'. 2004-12-17 17:49:10 +00:00
transfer.c Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" 2005-02-16 14:31:23 +00:00
transfer.h Rename Curl_pretransfersec() to *_second_connect() since it does not just 2005-02-14 09:30:40 +00:00
url.c prevent a compiler warning 2005-02-09 22:47:57 +00:00
url.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
urldata.h FTP code turned into state machine. Not completely yet, but a good start. 2005-02-09 13:06:40 +00:00
version.c Make some more arrays of pointers const. 2004-12-20 18:23:43 +00:00

$Id$
                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

             How To Track Down Suspected Memory Leaks in libcurl
             ===================================================

Single-threaded

  Please note that this memory leak system is not adjusted to work in more
  than one thread. If you want or need to use it in a multi-threaded app,
  please adjust accordingly.


Build

  Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with
  --enable-debug fixes this). 'make clean' first, then 'make' so that all
  files actually are rebuilt properly. It will also make sense to build
  libcurl with the debug option (usually -g to the compiler) so that debugging
  it will be easier if you actually do find a leak in the library.

  This will create a library that has memory debugging enabled.

Modify Your Application

  Add a line in your application code:

       curl_memdebug("filename");

  This will make the malloc debug system output a full trace of all
  resource-using functions to the given file name. Make sure you rebuild your program
  and that you link with the same libcurl you built for this purpose as
  described above.

Run Your Application

  Run your program as usual. Watch the specified memory trace file grow.

  Make your program exit and use the proper libcurl cleanup functions etc., so
  that all non-leaks are returned/freed properly.

Analyze the Flow

  Use the tests/memanalyze.pl perl script to analyze the memdump file:

    tests/memanalyze.pl < memdump

  This now outputs a report on which resources were allocated but never
  freed, etc. This report is very fine for posting to the list!

  If this doesn't produce any output, no leak was detected in libcurl. Then
  the leak is most likely to be in your code.
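
  The trace-then-analyze flow described above, as an added miniature in C. It
  is not libcurl's memdebug code and does not use its trace format: the names
  dbg_malloc, dbg_free, MALLOC, FREE, count_leaks and demo, and the trace line
  layout, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature (dbg_*, count_leaks, demo); not libcurl's code or trace format. */
static FILE *trace; /* one unsynchronized global: the reason for the single-thread caveat */

static void *dbg_malloc(size_t n, const char *file, int line)
{
  void *p = malloc(n);
  if(trace)
    fprintf(trace, "MEM %s:%d malloc(%lu) = %p\n", file, line, (unsigned long)n, p);
  return p;
}
static void dbg_free(void *p, const char *file, int line)
{
  if(trace)
    fprintf(trace, "MEM %s:%d free(%p)\n", file, line, p);
  free(p);
}
#define MALLOC(n) dbg_malloc((n), __FILE__, __LINE__)
#define FREE(p) dbg_free((p), __FILE__, __LINE__)

/* Replay the trace: a malloc line adds a live pointer, a free line removes it. */
static int count_leaks(const char *path)
{
  void *live[64], *p; char line[512], *s; int n = 0, i;
  FILE *f = fopen(path, "r");
  if(!f) return -1;
  while(fgets(line, sizeof line, f)) {
    if((s = strstr(line, ") = ")) && sscanf(s, ") = %p", &p) == 1 && n < 64)
      live[n++] = p;
    else if((s = strstr(line, " free(")) && sscanf(s, " free(%p", &p) == 1)
      for(i = 0; i < n; i++)
        if(live[i] == p) { live[i] = live[--n]; break; }
  }
  fclose(f);
  return n; /* allocations the trace never saw freed */
}

/* Constructed workload: with cleanup == 0 one block is released only after tracing ends. */
static int demo(const char *path, int cleanup)
{
  char *a, *b;
  trace = fopen(path, "w");
  a = MALLOC(32); b = MALLOC(64);
  FREE(a);
  if(cleanup) FREE(b);
  if(trace) { fclose(trace); trace = NULL; }
  if(!cleanup) free(b); /* untraced, so the report counts it as a leak */
  return count_leaks(path);
}

int main(void) { printf("leaks: %d\n", demo("memdump.example", 0)); return 0; }
```

  The cleanup == 0 case shows why the program must run its cleanup functions
  before the trace ends: a block released afterwards is reported as a leak.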