|
5ca75fd5
|
2016-11-10T08:00:22
|
|
curl_stream: check for -1 after CURLINFO_LASTSOCKET
We're recently trying to upgrade to the current master of libgit2
in Cargo but we're unfortunately hitting a segfault in one of our
tests. This particular test is just a small smoke test that https
works (e.g. it's configured in libgit2). It attempts to clone
from a URL which simply immediately drops connections after
they're accepted (e.g. terminate abnormally). We expect to see a
standard error from libgit2 but unfortunately we're seeing a
segfault.
This segfault is happening inside of the `wait_for` function of
`curl_stream.c` at the line `FD_SET(fd, &errfd)` because `fd` is
-1. This ends up doing an out-of-bounds array access that faults
the program. I tracked back to where this -1 came from to the
line here (returned by `CURLINFO_LASTSOCKET`) and added a check
to return an error.
|
|
467e2cb1
|
2015-10-02T10:11:43
|
|
curl: ask for proxy credentials
|
|
b373e9a6
|
2015-09-21T22:38:50
|
|
net: use proxy options struct in the stream config
|
|
a001846b
|
2016-02-08T17:05:57
|
|
curl_stream: fix unused cert infos
When copying contents of the cURL certiinfo we duplicate the
data but forget to actually put it into the vector.
|
|
8bd1c19e
|
2016-01-16T19:39:24
|
|
Free allocated pointer to curl stream on error
|
|
dc035189
|
2015-08-06T13:02:35
|
|
curl: use the most secure auth method for the proxy
When curl uses a proxy, it will only use Basic unless we prompt it to
try to use the most secure on it has available.
This is something which git did recently, and it seems like a good idea.
|
|
79698030
|
2015-06-29T22:51:18
|
|
git_cert: child types use proper base type
|
|
8443f492
|
2015-06-11T16:57:04
|
|
curl: remove the encrypted param to the constructor
We do not want libcurl to perform the TLS negotiation for us, so we
don't need to pass this option.
|
|
cdee630f
|
2015-06-09T19:07:58
|
|
curl: extract certificate information
The information is exposed by curl for some crypto libraries in the form
of name:content strings. We can't do much more than return this
information.
|
|
1376e784
|
2015-06-07T14:42:13
|
|
stream: add support for setting a proxy
If the stream claims to support this feature, we can let the transport
set the proxy.
We also set HTTPPROXYTUNNEL option so curl can create a tunnel through
the proxy which lets us create our own TLS session (if needed).
|
|
8dea1c21
|
2015-06-05T11:02:11
|
|
Implement a curl stream
cURL has a mode in which it acts a lot like our streams, providing send
and recv functions and taking care of the TLS and proxy setup for us.
Implement a new stream which uses libcurl instead of raw sockets or the
TLS libraries directly. This version does not support reporting
certificates or proxies yet.
|