https://github.com/curl/curl/pull/18928
config: drop support for Heimdal by bagder · Pull Request #18928 · curl/curl · GitHub
The kerberos5 library Heimdal is one of three GSS libraries curl supports. It has a memory leak triggered by the new test in #18917 and the project seems mostly...
https://github.com/curl/curl/pull/9328
SFTP: make atime/mtime date overflow return error by bagder · Pull Request #9328 · curl/curl ·...
https://github.com/curl/curl/pull/19033
tftp: error requests for blank filenames by bagder · Pull Request #19033 · curl/curl · GitHub
Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/20312
BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl ·...
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP,...
https://github.com/curl/curl/pull/18644
vtls_int.h: clarify data_pending by bagder · Pull Request #18644 · curl/curl · GitHub
Suggested-by: Joseph Birr-Pixton
https://github.com/curl/curl/pull/19782
auth: always treat Curl_auth_ntlm_get() returning NULL as OOM by bagder · Pull Request #19782 ·...
https://github.com/curl/curl/pull/19039
pop3: function could get the ->transfer field wrong by bagder · Pull Request #19039 ·...
https://github.com/curl/curl/pull/19651
tool_msgs: make voutf() use stack instead of heap by bagder · Pull Request #19651 · curl/curl ·...
For printf()ing the message to show.
https://github.com/curl/curl/pull/20683
VULN-DISCLOSURE-POLICY.md: back to using hackerone on March 1st, 2026 by bagder · Pull Request...
https://github.com/curl/curl/pull/20569
schannel: small simplifications by bagder · Pull Request #20569 · curl/curl · GitHub
https://github.com/curl/curl/pull/18647
openssl: make the asn1_object_dump name null terminated by bagder · Pull Request #18647 ·...
https://github.com/curl/curl/pull/19858
formdata: validate callback is non-NULL before use by bagder · Pull Request #19858 · curl/curl ·...
curl_formget() accepts a user-provided callback function but does not validate it is non-NULL before calling it. If a caller passes NULL, the function will...
https://github.com/curl/curl/pull/20679
URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP by bagder · Pull Request #20679 ·...
https://github.com/curl/curl/pull/20425
noproxy: simplify, don't mix const non-const in strchr() by bagder · Pull Request #20425 ·...
https://github.com/curl/curl/pull/18749
cf-ip-happy: mention unix domain path, not port number by bagder · Pull Request #18749 ·...
In the connect error message if a unix domain socket was used. Reported-by: kuchara on github Ref: #18748
https://github.com/curl/curl/pull/19667
tool_writeout: bail out proper on OOM by bagder · Pull Request #19667 · curl/curl · GitHub
https://github.com/curl/curl/pull/18747
openldap: check ber_sockbuf_add_io() return code by bagder · Pull Request #18747 · curl/curl ·...
The man page says nothing about what the return code means but Howard Chu tells me it is 0 on success, -1 on fail. Help-by: Howard Chu
https://github.com/curl/curl/pull/18551
CURLOPT_TIMECONDITION.md: works for FILE and FTP as well by bagder · Pull Request #18551 ·...
https://github.com/curl/curl/pull/18988
ldap: avoid null ptr deref on failure by bagder · Pull Request #18988 · curl/curl · GitHub
ldap_get_dn() can return NULL on error Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/20282
checksrc: warn for leading spaces before the hash by bagder · Pull Request #20282 · curl/curl ·...
https://github.com/curl/curl/pull/19571
http: avoid two strdup()s and do minor simplifications by bagder · Pull Request #19571 ·...
https://github.com/curl/curl/pull/20028
compressed.md: might generate a huge amount of bytes by bagder · Pull Request #20028 · curl/curl...
Make sure this is not a surprise
https://github.com/curl/curl/pull/19864
cookie: improved allocations by bagder · Pull Request #19864 · curl/curl · GitHub
https://github.com/curl/curl/pull/20802
tool_operate: reset the URL --url-query between --next by bagder · Pull Request #20802 · curl/curl...
https://github.com/curl/curl/pull/20206
urldata.h: remove two forward-declared structs not used by bagder · Pull Request #20206 · curl/curl...
https://github.com/curl/curl/pull/19791
libssh2: consider strdup() failures OOM and return correctly by bagder · Pull Request #19791 ·...
https://github.com/curl/curl/pull/18793
tool_getparam: warn if provided header looks malformed by bagder · Pull Request #18793 ·...
URL: https://fosstodon.org/@galdor/115298664084113519
https://github.com/curl/curl/pull/18976
krb5_gssapi: fix memory leak on error path by bagder · Pull Request #18976 · curl/curl · GitHub
If a non-compliant amount of bytes is received, the function would return error without free. Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/19591
cookie: return error on OOM by bagder · Pull Request #19591 · curl/curl · GitHub
Follow-up to 3f0629c
https://github.com/curl/curl/pull/19137
cf-socket: make set_local_ip void, and remove failf() by bagder · Pull Request #19137 · curl/curl...
No callers of this function checked the return code, meaning failures are not lethal == failf is wrong, and it can just as well return void.
https://github.com/curl/curl/pull/18525
urldata: FILE is not a list-only protocol by bagder · Pull Request #18525 · curl/curl · GitHub
The struct field thus does not depend on the presence of it
https://github.com/curl/curl/pull/19725
ngtcp2: remove the unused Curl_conn_is_ngtcp2 function by bagder · Pull Request #19725 ·...
https://github.com/curl/curl/pull/20160
altsvc: accept ma/persist per alternative entry by bagder · Pull Request #20160 · curl/curl ·...
https://github.com/curl/curl/pull/18790
form.md: drop reference to MANUAL by bagder · Pull Request #18790 · curl/curl · GitHub
https://github.com/curl/curl/pull/18628
rustls: typecast variable for safer trace output by bagder · Pull Request #18628 · curl/curl ·...
This is a variadic function call with a mismatched argument type; on platforms where uintptr_t and size_t differ, this invokes undefined behavior. Reported in...
https://github.com/curl/curl/pull/19802
curl_gssapi: make sure Curl_gss_log_error() has an initialized buffer by bagder · Pull Request...
Reported-by: Stanislav Fort (Aisle Research)
https://github.com/curl/curl/pull/19110
wolfssl: fix resource leak in verify_pinned error paths by bagder · Pull Request #19110 ·...
Pointed out by ZeroPath
https://github.com/curl/curl/pull/18855
url: make Curl_init_userdefined return void by bagder · Pull Request #18855 · curl/curl · GitHub
It cannot actually return an error, so the parent function does not need to check for error and have an exit path that cannot be reached. Pointed out by...
https://github.com/curl/curl/pull/19779
url: fix return code for OOM in parse_proxy() by bagder · Pull Request #19779 · curl/curl ·...
https://github.com/curl/curl/pull/19382
tool_ipfs: check return codes better by bagder · Pull Request #19382 · curl/curl · GitHub
https://github.com/curl/curl/pull/19153
HTTP3: clarify the status for "old" OpenSSL, not current by bagder · Pull Request #19153...
https://github.com/curl/curl/pull/18996
doswin: CloseHandle the thread on shutdown by bagder · Pull Request #18996 · curl/curl · GitHub
As this is in the tool shutdown the impact of it was nothing. Also, move two global variables to local. Follow-up to 9a26633 Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/19139
socks: avoid UAF risk in error path by bagder · Pull Request #19139 · curl/curl · GitHub
The code obtained a pointer resp via Curl_bufq_peek(), but called Curl_bufq_skip() before it would access them in the failf() call. The Curl_bufq_skip() call...
https://github.com/curl/curl/pull/19938
mdlinkcheck: only look for markdown links in markdown files by bagder · Pull Request #19938 ·...
https://github.com/curl/curl/pull/20385
asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails by bagder · Pull Request #20385 ·...
https://github.com/curl/curl/pull/19756
rustls: verify that verifier_builder is not NULL by bagder · Pull Request #19756 · curl/curl ·...
Since this function returns allocated resources there is probably at least a theoretical risk this can return NULL. Pointed out by ZeroPath
https://github.com/curl/curl/pull/19872
docs: use more https:// URLs by bagder · Pull Request #19872 · curl/curl · GitHub
https://github.com/curl/curl/pull/18654
ws: clarify an error message by bagder · Pull Request #18654 · curl/curl · GitHub
https://github.com/curl/curl/pull/18627
curl_slist_append.md: clarify that a NULL pointer is not acceptable by bagder · Pull Request...
https://github.com/curl/curl/pull/20285
curl_easy_nextheader.md: a new transfer invalidates 'prev' by bagder · Pull Request #20285 ·...
https://github.com/curl/curl/pull/18580
managen: render better manpage references/links by bagder · Pull Request #18580 · curl/curl ·...
When an option name is used in text, this script no longer outputs the short plus long version in the manpage output. It makes the text much more readable....
https://github.com/curl/curl/pull/19459
wolfssl: avoid NULL dereference in OOM situation by bagder · Pull Request #19459 · curl/curl ·...
Verify that wolfSSL_BIO_meth_new() actually works and handle situations where it returns NULL. Reported-by: Stanislav Fort (Aisle Research)
https://github.com/curl/curl/pull/19780
http: handle oom error from Curl_input_digest() by bagder · Pull Request #19780 · curl/curl ·...
https://github.com/curl/curl/pull/20843
http: only send bearer if auth is allowed by bagder · Pull Request #20843 · curl/curl · GitHub
https://github.com/curl/curl/pull/18642
schannel: assign result before using it by bagder · Pull Request #18642 · curl/curl · GitHub
https://github.com/curl/curl/pull/19440
urlapi: fix mem-leaks in curl_url_get error paths by bagder · Pull Request #19440 · curl/curl ·...
Reported-by: Stanislav Fort (Aisle Research)
https://github.com/curl/curl/pull/19388
tool_paramhlp: refuse --proto removing all protocols by bagder · Pull Request #19388 · curl/curl...
curl is for transfers so disabling all protocols has to be a mistake. Previously it would allow this to get set and then let libcurl return error instead....
https://github.com/curl/curl/pull/19781
http: acknowledge OOM errors from Curl_input_ntlm by bagder · Pull Request #19781 · curl/curl ·...
https://github.com/curl/curl/pull/20579
smb: include arpa/inet.h for NonStop by bagder · Pull Request #20579 · curl/curl · GitHub
https://github.com/curl/curl/pull/20375
config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST by bagder · Pull Request #20375 ·...
https://github.com/curl/curl/pull/18862
cf-socket: always check Curl_cf_socket_peek() return code by bagder · Pull Request #18862 ·...
Make it trigger a warning if not.
https://github.com/curl/curl/pull/20262
urldata: change 'keep_post' into three distinct bitfields by bagder · Pull Request #20262 ·...
https://github.com/curl/curl/pull/20221
tool_operate: remove 'else' for VMS by bagder · Pull Request #20221 · curl/curl · GitHub
https://github.com/curl/curl/pull/19157
cookie: only count accepted cookies in Curl_cookie_add by bagder · Pull Request #19157 ·...
The counter used to stop accepting cookies after a certain amount has been received in a single response would previously also count some cookies that were not...
https://github.com/curl/curl/pull/19088
examples/websocket: fix use of uninitialized rlen by bagder · Pull Request #19088 · curl/curl ·...
Pointed out by ZeroPath
https://github.com/curl/curl/pull/18979
Curl_resolv: fix comment. 'entry' argument is not optional by bagder · Pull Request #18979...
Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/18680
hostip: remove unnecessary leftover INT_MAX check in Curl_dnscache_prune by bagder · Pull Request...
The math already uses timediff_t so no need for the extra logic Ref: #18678
https://github.com/curl/curl/pull/19069
ftp: replace strstr() in ;type= handling by bagder · Pull Request #19069 · curl/curl · GitHub
Since it needs to be a trailing piece of the path avoiding strstr() is faster and more reliable. Also stopped checking the host name since it cannot actually...
https://github.com/curl/curl/pull/20209
urldata: switch to uint* types more widely by bagder · Pull Request #20209 · curl/curl · GitHub
https://github.com/curl/curl/pull/19043
libssh2: avoid risking using an uninitialized local struct field by bagder · Pull Request #19043...
Reported-by: Joshua Rogers
https://github.com/curl/curl/pull/20101
curl_quiche: refuse headers with CR, LF or null bytes by bagder · Pull Request #20101 · curl/curl...
https://github.com/curl/curl/pull/20118
tool_getparam: use memdup0() instead of malloc + copy by bagder · Pull Request #20118 · curl/curl...
https://github.com/curl/curl/pull/19829
SOCKS docs: clarification for unix domain sockets by bagder · Pull Request #19829 · curl/curl ·...
https://github.com/curl/curl/pull/19774
imap: make sure Curl_pgrsSetDownloadSize() does not overflow by bagder · Pull Request #19774 ·...
Follow-up to c1e3a76. The previous update missed an addition that also can wrap and cause confusion. Fixing this by calling Curl_pgrsSetDownloadSize() after...
https://github.com/curl/curl/pull/20805
content_encoding: return 'identity' if none other exists by bagder · Pull Request #20805 ·...
https://github.com/curl/curl/pull/18737
schannel_verify: use more human friendly error messages by bagder · Pull Request #18737 ·...
https://github.com/curl/curl/pull/19960
tool_urlglob: support globs as long as config line lengths by bagder · Pull Request #19960 ·...
libcurl supports up to 8MB string inputs, the config file accepts up to 10MB line lengths. It did not make sense to limit the globs to a maximum of one...
https://github.com/curl/curl/pull/19190
ftp: remove 'newhost' and 'newport' from the ftp_conn struct by bagder · Pull...
They are only needed locally, no need to keep them around.
https://github.com/curl/curl/pull/19439
cshutdn: acknowledge FD_SETSIZE for shutdown descriptors by bagder · Pull Request #19439 ·...
In the logic called for curl_multi_fdset(). File descriptors larger than FD_SETSIZE size are simply ignored, which of course will make things break but at...
https://github.com/curl/curl/pull/18719
socks_sspi: bail out on too long fields by bagder · Pull Request #18719 · curl/curl · GitHub
A probably unnecessary precaution but since the field sizes are 16 bit in the protocol this makes sure to fail if they would ever be larger as that would go...