[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 78/222: doh: allow only http and https in debug mode
|
From: |
gnunet |
|
Subject: |
[gnurl] 78/222: doh: allow only http and https in debug mode |
|
Date: |
Thu, 07 Nov 2019 00:09:34 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit a5bf6a36c53fd860c1e9ef92e60ec08a4ad8f8e7
Author: Paul Dreik <address@hidden>
AuthorDate: Mon Sep 23 13:11:49 2019 +0200
doh: allow only http and https in debug mode
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.
Found through fuzzing.
Closes #4406
---
lib/doh.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/doh.c b/lib/doh.c
index 05a6cc235..196e89d93 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -264,6 +264,9 @@ static CURLcode dohprobe(struct Curl_easy *data,
#ifndef CURLDEBUG
/* enforce HTTPS if not debug */
ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
+#else
+ /* in debug mode, also allow http */
+ ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS);
#endif
ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms);
if(data->set.verbose)
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 51/222: setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly, (continued)
- [gnurl] 51/222: setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly, gnunet, 2019/11/06
- [gnurl] 52/222: urlapi: part of conditional expression is always true: (relurl[0] == '/'), gnunet, 2019/11/06
- [gnurl] 56/222: tool_getparam: remove duplicate switch case, gnunet, 2019/11/06
- [gnurl] 65/222: appveyor: upgrade VS2017 to VS2019, gnunet, 2019/11/06
- [gnurl] 62/222: urlapi: avoid index underflow for short ipv6 hostnames, gnunet, 2019/11/06
- [gnurl] 63/222: cookie: pass in the correct cookie amount to qsort(), gnunet, 2019/11/06
- [gnurl] 66/222: urldata: use 'bool' for the bit type on MSVC compilers, gnunet, 2019/11/06
- [gnurl] 73/222: RELEASE-NOTES: synced, gnunet, 2019/11/06
- [gnurl] 72/222: openssl: fix compiler warning with LibreSSL, gnunet, 2019/11/06
- [gnurl] 79/222: vauth: The parameter 'status' must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 78/222: doh: allow only http and https in debug mode,
gnunet <=
- [gnurl] 71/222: curl: exit the create_transfers loop on errors, gnunet, 2019/11/06
- [gnurl] 80/222: quiche: The expression must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 69/222: travis: enable ngtcp2 h3-23 builds, gnunet, 2019/11/06
- [gnurl] 86/222: strcase: fix raw lowercasing the letter X, gnunet, 2019/11/06
- [gnurl] 85/222: http2: Expression 'stream->stream_id != - 1' is always true, gnunet, 2019/11/06
- [gnurl] 83/222: libssh: part of conditional expression is always true: !result, gnunet, 2019/11/06
- [gnurl] 76/222: http: lowercase headernames for HTTP/2 and HTTP/3, gnunet, 2019/11/06
- [gnurl] 84/222: http2: A value is being subtracted from the unsigned variable, gnunet, 2019/11/06
- [gnurl] 70/222: socks: Fix destination host shown on SOCKS5 error, gnunet, 2019/11/06
- [gnurl] 74/222: winbuild: Add manifest to curl.exe for proper OS version detection, gnunet, 2019/11/06