1. 10 Mar, 2018 3 commits
  2. 15 Nov, 2016 1 commit
    • curl_stream: use CURLINFO_ACTIVESOCKET if curl is recent enough · 5cbd5260
      The `CURLINFO_LASTSOCKET` information has been deprecated since
      curl version 7.45.0 as it may result in an overflow in the
      returned socket on certain systems, most importantly on 64 bit
      Windows. Instead, a new call `CURLINFO_ACTIVESOCKET` has been
      added which instead returns a `curl_socket_t`, which is always
      sufficiently long to store a socket.
      
      As we need to provide backwards compatibility with curl versions
      smaller than 7.45.0, alias CURLINFO_ACTIVESOCKET to
      CURLINFO_LASTSOCKET on platforms without CURLINFO_ACTIVESOCKET.
      Patrick Steinhardt committed
  3. 11 Nov, 2016 1 commit
    • curl_stream: check for -1 after CURLINFO_LASTSOCKET · 5ca75fd5
      We're recently trying to upgrade to the current master of libgit2
      in Cargo but we're unfortunately hitting a segfault in one of our
      tests. This particular test is just a small smoke test that https
      works (e.g. it's configured in libgit2). It attempts to clone
      from a URL which simply immediately drops connections after
      they're accepted (e.g. terminate abnormally). We expect to see a
      standard error from libgit2 but unfortunately we're seeing a
      segfault.
      
      This segfault is happening inside of the `wait_for` function of
      `curl_stream.c` at the line `FD_SET(fd, &errfd)` because `fd` is
      -1. This ends up doing an out-of-bounds array access that faults
      the program. I tracked back to where this -1 came from to the
      line here (returned by `CURLINFO_LASTSOCKET`) and added a check
      to return an error.
      Alex Crichton committed
  4. 19 Apr, 2016 2 commits
  5. 08 Feb, 2016 1 commit
  6. 17 Jan, 2016 1 commit
  7. 06 Aug, 2015 1 commit
  8. 10 Jul, 2015 1 commit
  9. 24 Jun, 2015 4 commits