luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cd35371163
curl/lib
History
Daniel Stenberg e1f3f3a14f
url: reject too long input when parsing credentials 
Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.

Reported-by: Thomas Bouzerar
Closes #5383
2020-05-13 08:02:42 +02:00
..
vauth
vquic ngtcp2: introduce qlog support 2020-05-07 16:27:49 +02:00
vssh libssh2: convert over to use dynbuf 2020-05-05 14:54:07 +02:00
vtls
.gitattributes .gitattributes: force shell scripts to LF 2017-04-17 08:32:13 +02:00
.gitignore
altsvc.c
altsvc.h
amigaos.c
amigaos.h
arpa_telnet.h
asyn-ares.c
asyn-thread.c asyn-*: remove support for never-used NULL entry pointers 2020-05-03 22:48:04 +02:00
asyn.h
base64.c
checksrc.pl checksrc: close the .checksrc file handle when done reading 2020-05-08 17:00:29 +02:00
CMakeLists.txt
config-amigaos.h
config-dos.h
config-mac.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
config-os400.h
config-plan9.h
config-riscos.h
config-symbian.h
config-tpf.h
config-vxworks.h
config-win32.h
config-win32ce.h
conncache.c conncache: various concept cleanups 2020-04-30 14:27:54 +02:00
conncache.h
connect.c connect: make happy eyeballs work for QUIC (again) 2020-05-04 14:56:26 +02:00
connect.h Curl_addr2string: take an addrlen argument too 2019-08-31 11:41:56 +02:00
content_encoding.c content_encoding: accept up to 4 unknown trailer bytes after raw deflate data 2018-07-12 22:46:15 +02:00
content_encoding.h HTTP: support multiple Content-Encodings 2017-11-05 15:09:48 +01:00
cookie.c
cookie.h
curl_addrinfo.c windows: enable UnixSockets with all build toolchains 2020-04-04 17:53:15 +00:00
curl_addrinfo.h
curl_base64.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
curl_config.h.cmake
curl_ctype.c
curl_ctype.h
curl_des.c
curl_des.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_get_line.c
curl_get_line.h
curl_gethostname.c checksrc: move open braces to comply with function declaration style 2016-11-24 23:58:22 +01:00
curl_gethostname.h
curl_gssapi.c snprintf: renamed and we now only use msnprintf() 2018-11-23 08:26:51 +01:00
curl_gssapi.h
curl_hmac.h
curl_ldap.h
curl_md4.h
curl_md5.h
curl_memory.h
curl_memrchr.c
curl_memrchr.h
curl_multibyte.c
curl_multibyte.h
curl_ntlm_core.c
curl_ntlm_core.h
curl_ntlm_wb.c
curl_ntlm_wb.h
curl_path.c scp: fix directory name length used in memcpy 2019-08-24 18:47:56 +02:00
curl_path.h
curl_printf.h snprintf: renamed and we now only use msnprintf() 2018-11-23 08:26:51 +01:00
curl_range.c
curl_range.h
curl_rtmp.c urldata: avoid 'generic', use dedicated pointers 2019-09-03 23:00:51 +02:00
curl_rtmp.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
curl_sasl.c
curl_sasl.h
curl_sec.h checksrc: stricter no-space-before-paren enforcement 2016-12-13 23:39:11 +01:00
curl_setup_once.h
curl_setup.h
curl_sha256.h
curl_sspi.c
curl_sspi.h
curl_threads.c
curl_threads.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
curlx.h
dict.c misc: copyright year updates 2020-03-31 11:02:18 +02:00
dict.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
doh.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
doh.h dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
dotdot.c
dotdot.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
dynbuf.c
dynbuf.h
easy.c
easyif.h dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
escape.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
escape.h whitespace fixes 2018-09-23 22:24:02 +00:00
file.c
file.h
fileinfo.c wildcard: disable from build when FTP isn't present 2019-05-13 08:17:09 +02:00
fileinfo.h ftplistparser: keep state between invokes 2018-04-24 14:23:20 +02:00
firefox-db2pem.sh
formdata.c mime: latch last read callback status. 2020-03-07 23:26:00 +01:00
formdata.h mime: acknowledge CURL_DISABLE_MIME 2019-05-13 08:17:09 +02:00
ftp.c socks: make the connect phase non-blocking 2020-02-17 00:08:48 +01:00
ftp.h lib: clean up whitespace 2020-04-25 11:15:49 +02:00
ftplistparser.c copyrights: update all copyright notices to 2019 on files changed this year 2019-11-02 23:15:56 +01:00
ftplistparser.h
getenv.c tool_home: Fix the copyright year being out of date 2020-02-13 00:40:08 +00:00
getinfo.c
getinfo.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
gopher.c select: make Curl_socket_check take timediff_t timeout 2020-04-23 15:57:23 +02:00
gopher.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
hash.c cppcheck: fix warnings 2018-06-11 11:14:48 +02:00
hash.h
hmac.c
hostasyn.c dns: release sharelock as soon as possible 2019-02-11 13:34:11 +01:00
hostcheck.c
hostcheck.h
hostip4.c
hostip6.c
hostip.c conncache: various concept cleanups 2020-04-30 14:27:54 +02:00
hostip.h
hostsyn.c
http2.c
http2.h dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
http_chunks.c
http_chunks.h chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error 2019-10-02 07:46:05 +02:00
http_digest.c
http_digest.h auth: Rename the various authentication clean up functions 2019-05-12 18:37:00 +01:00
http_negotiate.c
http_negotiate.h
http_ntlm.c http_ntlm: Remove duplicate NSS initialisation 2019-11-28 14:41:55 +01:00
http_ntlm.h conncache: various concept cleanups 2020-04-30 14:27:54 +02:00
http_proxy.c http_proxy: ported to use dynbuf instead of a static size buffer 2020-05-04 10:41:06 +02:00
http_proxy.h http_proxy: ported to use dynbuf instead of a static size buffer 2020-05-04 10:41:06 +02:00
http.c
http.h
idn_win32.c
if2ip.c
if2ip.h
imap.c
imap.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
inet_ntop.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
inet_ntop.h
inet_pton.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
inet_pton.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
krb5.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
ldap.c build: Disable Visual Studio warning "conditional expression is constant" 2019-12-01 19:01:02 -05:00
libcurl.plist MacOSX-Framework: Make script work in Xcode 4.0 and later 2013-02-17 14:30:38 -07:00
libcurl.rc
libcurl.vers.in configure: use XC_LIBTOOL for portability across libtool versions 2013-03-08 13:27:45 +01:00
llist.c llist: removed unused Curl_llist_move() 2020-01-24 10:29:18 +01:00
llist.h
Makefile.am cleanup: correct copyright year range on a few files 2020-04-06 23:21:52 +02:00
makefile.amiga copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
makefile.dj copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
Makefile.inc
Makefile.m32 Makefile.m32: Improve windres parameter compatibility 2020-03-14 19:08:17 -04:00
Makefile.netware lib: never define CURL_CA_BUNDLE with a getenv 2020-04-05 23:59:20 +02:00
Makefile.vxworks copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
Makefile.Watcom copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
md4.c
md5.c windows: suppress UI in all CryptAcquireContext() calls 2020-03-17 23:08:02 +00:00
memdebug.c memdebug: don't log free(NULL) 2020-03-31 09:44:23 +02:00
memdebug.h build: Disable Visual Studio warning "conditional expression is constant" 2019-12-01 19:01:02 -05:00
mime.c mime: properly check Content-Type even if it has parameters 2020-04-19 20:52:48 +02:00
mime.h
mk-ca-bundle.pl
mk-ca-bundle.vbs copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
mprintf.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
mqtt.c mqtt: make NOSTATE get within the debug name array 2020-04-20 23:27:04 +02:00
mqtt.h
multi.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
multihandle.h
multiif.h
netrc.c
netrc.h netrc: CURL_DISABLE_NETRC 2019-05-17 23:24:34 +02:00
non-ascii.c
non-ascii.h
nonblock.c
nonblock.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
nwlib.c memory: ensure to check allocation results 2018-10-03 23:45:38 +02:00
nwos.c checksrc: stricter no-space-before-paren enforcement 2016-12-13 23:39:11 +01:00
openldap.c
parsedate.c
parsedate.h
pingpong.c timediff: make it 64 bit (if possible) even with 32 bit time_t 2019-08-01 07:43:24 +02:00
pingpong.h cleanup: remove the 'numsocks' argument used in many places 2019-07-30 23:16:44 +02:00
pop3.c cleanup: remove the 'numsocks' argument used in many places 2019-07-30 23:16:44 +02:00
pop3.h
progress.c XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE 2019-11-26 09:16:01 +01:00
progress.h
psl.c
psl.h psl: use latest psl and refresh it periodically 2018-05-28 20:37:14 +02:00
quic.h
rand.c
rand.h PolarSSL: deprecate support step 1. Removed from configure. 2019-05-22 10:00:56 +02:00
rename.c
rename.h
rtsp.c
rtsp.h
security.c security: silence conversion warning 2019-10-13 22:10:12 +02:00
select.c select: fix overflow protection in Curl_socket_check 2020-05-02 15:02:20 -04:00
select.h select: make Curl_socket_check take timediff_t timeout 2020-04-23 15:57:23 +02:00
sendf.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
sendf.h
setopt.c CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) 2020-05-08 15:55:04 +02:00
setopt.h
setup-os400.h os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr, 2019-09-24 13:39:22 +02:00
setup-vms.h
setup-win32.h curl_setup: define _WIN32_WINNT_[OS] symbols 2020-03-21 17:42:44 -04:00
sha256.c windows: suppress UI in all CryptAcquireContext() calls 2020-03-17 23:08:02 +00:00
share.c psl: use latest psl and refresh it periodically 2018-05-28 20:37:14 +02:00
share.h
sigpipe.h sigpipe: if mbedTLS is used, ignore SIGPIPE 2019-01-28 12:03:33 +01:00
slist.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
slist.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
smb.c smb: check for full size message before reading message details 2019-09-16 14:16:06 +02:00
smb.h copyright updates: adjust year ranges 2020-04-26 23:59:22 +02:00
smtp.c smtp: set auth correctly 2020-04-25 14:14:43 +02:00
smtp.h smtp: Detect server support for the UTF-8 extension as defined in RFC-6531 2020-02-26 14:04:37 +00:00
sockaddr.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
socketpair.c lib: fix warnings found when porting to NuttX 2019-12-27 22:52:31 -05:00
socketpair.h socketpair: an implemention for Windows and more 2019-10-10 11:04:38 +02:00
socks_gssapi.c cleanup: insert newline after if() conditions 2020-03-30 16:05:30 +02:00
socks_sspi.c socks: make the connect phase non-blocking 2020-02-17 00:08:48 +01:00
socks.c
socks.h socks: make the connect phase non-blocking 2020-02-17 00:08:48 +01:00
speedcheck.c
speedcheck.h timeval: struct curltime is a struct timeval replacement 2017-07-28 15:51:25 +02:00
splay.c cleanup: remove FIXME and TODO comments 2019-05-16 09:16:56 +02:00
splay.h
strcase.c strcase: turn Curl_raw_tolower into static 2020-01-24 10:29:06 +01:00
strcase.h strcase: turn Curl_raw_tolower into static 2020-01-24 10:29:06 +01:00
strdup.c
strdup.h
strerror.c ngtcp2: Add an error code for QUIC connection errors 2020-01-11 18:19:32 -05:00
strerror.h
strtok.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
strtok.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
strtoofft.c
strtoofft.h
system_win32.c nit: Copyright year out of date 2020-02-19 08:04:35 +01:00
system_win32.h system_win32: fix clang warning 2019-07-11 02:27:04 -04:00
telnet.c
telnet.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
tftp.c tftp: Alloc maximum blksize, and use default unless OACK is received 2019-09-09 08:14:34 +02:00
tftp.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
timeval.c
timeval.h
transfer.c dynbuf: introduce internal generic dynamic buffer functions 2020-05-04 10:40:39 +02:00
transfer.h cleanup: remove the 'numsocks' argument used in many places 2019-07-30 23:16:44 +02:00
url.c
url.h url: Make the IDN conversion functions available to others 2020-02-26 11:01:47 +00:00
urlapi-int.h
urlapi.c urlapi: accept :: as a valid IPv6 address 2020-05-08 08:47:29 +02:00
urldata.h CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) 2020-05-08 15:55:04 +02:00
version.c version: skip idn2_check_version() check and add precaution 2020-04-22 22:52:32 +02:00
warnless.c cleanup: make local functions static 2019-02-10 18:38:57 +01:00
warnless.h
wildcard.c
wildcard.h
x509asn1.c
x509asn1.h