mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-02-17 14:59:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
c5be3d7267
curl/lib
History
Daniel Stenberg c5be3d7267 cookies: getlist() now holds deep copies of all cookies 
Previously it only held references to them, which was reckless as the
thread lock was released so the cookies could get modified by other
handles that share the same cookie jar over the share interface.

CVE-2016-8623

Bug: https://curl.haxx.se/docs/adv_20161102I.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
..
vauth sasl: Don't use GSSAPI authentication when domain name not specified 2016-08-21 11:56:23 +01:00
vtls mbedtls: stop using deprecated include file 2016-10-26 23:38:04 +02:00
.gitignore
amigaos.c s/cURL/curl 2016-10-18 13:59:54 +02:00
amigaos.h
arpa_telnet.h
asyn-ares.c
asyn-thread.c
asyn.h
base64.c
checksrc.pl checksrc: detect strtok() use 2016-09-07 10:41:57 +02:00
CMakeLists.txt CMake: Try to (un-)hide private library symbols 2016-09-10 00:35:38 +02:00
config-amigaos.h
config-dos.h
config-mac.h
config-os400.h
config-riscos.h
config-symbian.h
config-tpf.h
config-vxworks.h
config-win32.h
config-win32ce.h
conncache.c
conncache.h
connect.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
connect.h connect: fix #ifdefs for debug versions of conn/streamclose() macros 2016-08-30 23:38:06 +02:00
content_encoding.c
content_encoding.h
cookie.c cookies: getlist() now holds deep copies of all cookies 2016-10-31 08:46:35 +01:00
cookie.h cookies: getlist() now holds deep copies of all cookies 2016-10-31 08:46:35 +01:00
curl_addrinfo.c
curl_addrinfo.h
curl_base64.h
curl_config.h.cmake cmake: add nghttp2 support 2016-10-10 19:47:31 +02:00
curl_des.c
curl_des.h
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_gethostname.c
curl_gethostname.h
curl_gssapi.c
curl_gssapi.h
curl_hmac.h
curl_ldap.h
curl_md4.h
curl_md5.h
curl_memory.h
curl_memrchr.c
curl_memrchr.h
curl_multibyte.c
curl_multibyte.h
curl_ntlm_core.c mbedtls: Added support for NTLM 2016-08-03 19:33:59 +01:00
curl_ntlm_core.h
curl_ntlm_wb.c
curl_ntlm_wb.h
curl_printf.h
curl_rtmp.c
curl_rtmp.h
curl_sasl.c sasl: Don't use GSSAPI authentication when domain name not specified 2016-08-21 11:56:23 +01:00
curl_sasl.h
curl_sec.h
curl_setup_once.h
curl_setup.h idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
curl_sspi.c curl_sspi.c: Updated function description comments 2016-08-31 11:57:28 +01:00
curl_sspi.h
curl_threads.c
curl_threads.h
curlx.h
dict.c
dict.h
dotdot.c
dotdot.h
easy.c idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
easyif.h
escape.c curl_easy_unescape: deny negative string lengths as input 2016-09-14 07:49:43 +02:00
escape.h
file.c library: Fix memory leaks found during static analysis 2016-07-14 02:52:56 -04:00
file.h
fileinfo.c
fileinfo.h
firefox-db2pem.sh
formdata.c formpost: avoid silent snprintf() truncation 2016-10-08 13:00:45 +02:00
formdata.h formpost: avoid silent snprintf() truncation 2016-10-08 13:00:45 +02:00
ftp.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
ftp.h ftp: fix Curl_ftpsendf() 2016-10-08 15:13:46 +02:00
ftplistparser.c
ftplistparser.h
getenv.c win: Basic support for Universal Windows Platform apps 2016-08-21 13:56:22 +02:00
getinfo.c easy: Reset all statistical session info in curl_easy_reset 2016-09-20 01:14:01 -04:00
getinfo.h
gopher.c gopher: properly return error for poll failures 2016-10-18 11:14:48 +02:00
gopher.h
hash.c
hash.h
hmac.c
hostasyn.c
hostcheck.c
hostcheck.h
hostip4.c
hostip6.c
hostip.c resolve: add error message when resolving using SIGALRM 2016-10-10 14:14:20 +02:00
hostip.h
hostsyn.c
http2.c http2: debug ouput sent HTTP/2 request headers 2016-09-16 09:00:20 +02:00
http2.h http2: return EOF when done uploading without known size 2016-09-05 14:32:32 +02:00
http_chunks.c
http_chunks.h
http_digest.c
http_digest.h
http_negotiate.c
http_negotiate.h
http_ntlm.c
http_ntlm.h
http_proxy.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
http_proxy.h
http.c cookies: getlist() now holds deep copies of all cookies 2016-10-31 08:46:35 +01:00
http.h http2: handle closed streams when uploading 2016-08-28 17:59:34 +02:00
idn_win32.c
if2ip.c
if2ip.h
imap.c errors: new alias CURLE_WEIRD_SERVER_REPLY (8) 2016-09-07 21:24:27 -04:00
imap.h
inet_ntop.c
inet_ntop.h
inet_pton.c
inet_pton.h
krb5.c ftp: fix Curl_ftpsendf() 2016-10-08 15:13:46 +02:00
ldap.c
libcurl.def
libcurl.plist
libcurl.rc s/cURL/curl 2016-10-18 13:59:54 +02:00
libcurl.vers.in
llist.c
llist.h
Makefile.am
makefile.amiga
Makefile.b32
makefile.dj
Makefile.inc
Makefile.m32
Makefile.netware
Makefile.vc6
Makefile.vxworks
Makefile.Watcom
md4.c
md5.c win: Basic support for Universal Windows Platform apps 2016-08-21 13:56:22 +02:00
memdebug.c
memdebug.h
mk-ca-bundle.pl mk-ca-bundle.vbs: Fix UTF-8 output 2016-10-30 01:01:29 -04:00
mk-ca-bundle.vbs mk-ca-bundle.vbs: Fix UTF-8 output 2016-10-30 01:01:29 -04:00
mprintf.c mprintf: return error on too many arguments 2016-10-08 20:47:04 +02:00
multi.c multi: force connections to get closed in close_all_connections 2016-10-22 16:10:57 +02:00
multihandle.h
multiif.h multi: make Curl_expire() work with 0 ms timeouts 2016-08-04 00:26:01 +02:00
netrc.c
netrc.h
non-ascii.c
non-ascii.h
nonblock.c
nonblock.h
nwlib.c
nwos.c
objnames-test08.sh
objnames-test10.sh
objnames.inc
openldap.c
parsedate.c
parsedate.h
pingpong.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
pingpong.h
pipeline.c multi: make Curl_expire() work with 0 ms timeouts 2016-08-04 00:26:01 +02:00
pipeline.h
pop3.c errors: new alias CURLE_WEIRD_SERVER_REPLY (8) 2016-09-07 21:24:27 -04:00
pop3.h
progress.c speed caps: not based on average speeds anymore 2016-09-04 13:11:23 +02:00
progress.h speed caps: not based on average speeds anymore 2016-09-04 13:11:23 +02:00
rawstr.c
rawstr.h
rtsp.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
rtsp.h
security.c ftp: fix Curl_ftpsendf() 2016-10-08 15:13:46 +02:00
select.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
select.h select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
sendf.c
sendf.h
setup-os400.h
setup-vms.h
share.c
share.h
sigpipe.h
slist.c
slist.h
smb.c smb: properly check incoming packet boundaries 2016-10-09 00:14:26 +02:00
smb.h
smtp.c errors: new alias CURLE_WEIRD_SERVER_REPLY (8) 2016-09-07 21:24:27 -04:00
smtp.h
sockaddr.h
socks_gssapi.c
socks_sspi.c library: Fix memory leaks found during static analysis 2016-07-14 02:52:56 -04:00
socks.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
socks.h
speedcheck.c
speedcheck.h
splay.c
splay.h
ssh.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
ssh.h
strdup.c memdup: use 'void *' as return and source type 2016-10-04 23:31:25 +02:00
strdup.h memdup: use 'void *' as return and source type 2016-10-04 23:31:25 +02:00
strequal.c
strequal.h
strerror.c idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
strerror.h idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
strtok.c
strtok.h
strtoofft.c
strtoofft.h
system_win32.c win: fix Universal Windows Platform build 2016-10-16 12:09:12 +02:00
system_win32.h
telnet.c
telnet.h
tftp.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
tftp.h
timeval.c
timeval.h
transfer.c select: switch to macros in uppercase 2016-10-18 11:05:45 +02:00
transfer.h speed caps: not based on average speeds anymore 2016-09-04 13:11:23 +02:00
url.c idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
url.h
urldata.h vtls: only re-use session-ids using the same scheme 2016-10-13 11:24:16 +02:00
version.c idn: switch to libidn2 use and IDNA2008 support 2016-10-31 08:46:35 +01:00
warnless.c
warnless.h
wildcard.c
wildcard.h
x509asn1.c
x509asn1.h