Re: [Bug-wget] [GSoC 2015] Basic HTTP/2 support

2015-08-26 Thread Giuseppe Scrivano
Daniel Stenberg dan...@haxx.se writes:

 On Thu, 30 Apr 2015, Daniel Stenberg wrote:

 Did anything happen with this project?

As far as I know, nothing happened with it, but maybe Miquel has more
details about it.

Regards,
Giuseppe



[Bug-wget] [bug #45825] password's exposed during encoding conversion

2015-08-26 Thread Tim Ruehsen
Follow-up Comment #1, bug #45825 (project wget):

Thanks for reporting.

I attached a patch that checks for '@' in both of the strings before printout.
Since the printing is just for debugging (ENABLE_DEBUG must be set), I assume
that suppressing the output when we have 'false positives' does not matter
that much.


(file #34732)
___

Additional Item Attachment:

File name: 0001-Suppress-debug-output-when-strings-may-contain-passw.patch
Size:1 KB


___

Reply to this item at:

  http://savannah.gnu.org/bugs/?45825

___
  Message sent via/by Savannah
  http://savannah.gnu.org/
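
One way to implement the check described in the comment above, as an added example that is neither the attached patch nor wget's own code. The helper names `may_contain_userinfo` and `conversion_debug_line` and the sample URLs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if S could hold URL userinfo
   ("user:password@host").  Deliberately coarse: any '@' counts, so
   "http://host/a@b" is a false positive and gets suppressed too.  */
static bool
may_contain_userinfo (const char *s)
{
  return s != NULL && strchr (s, '@') != NULL;
}

/* Hypothetical debug formatter for one conversion step.  Returns a
   static line that quotes FROM and TO only when neither can carry
   credentials; otherwise the strings are withheld.  */
static const char *
conversion_debug_line (const char *from, const char *to)
{
  static char line[256];

  if (may_contain_userinfo (from) || may_contain_userinfo (to))
    snprintf (line, sizeof line,
              "converted (strings withheld, may contain a password)");
  else
    snprintf (line, sizeof line, "converted '%s' -> '%s'",
              from ? from : "(null)", to ? to : "(null)");
  return line;
}

int
main (void)
{
  /* Constructed sample inputs, not taken from the bug report.  */
  puts (conversion_debug_line ("http://example.com/caf\xe9",
                               "http://example.com/caf%C3%A9"));
  puts (conversion_debug_line ("http://user:s3cret@example.com/",
                               "http://user:s3cret@example.com/"));
  puts (conversion_debug_line ("http://example.com/a@b",
                               "http://example.com/a@b"));
  return 0;
}
```

The third call shows the false positive mentioned in the comment: the '@' sits in the path, not in userinfo, and the line is withheld anyway.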




Re: [Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget

2015-08-26 Thread Ander Juaristi

On 08/15/2015 12:11 PM, Darshit Shah wrote:

I just ran coverity scan against the latest git code and it came up
with a bunch of new defects. Maybe we should take a look at them when
possible?




I fixed a memory leak in the HSTS code (function 
'parse_strict_transport_security').

Regards,
- AJ
From 5a4a45ffc34619e24b9359247fbc72eaeb0d8d74 Mon Sep 17 00:00:00 2001
From: Ander Juaristi ajuari...@gmx.es
Date: Wed, 26 Aug 2015 12:35:02 +0200
Subject: [PATCH] Fix resource leak.

 * src/http.c (parse_strict_transport_security): Freed memory to avoid resource leak.
   Comply with GNU coding style.
---
 src/http.c | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/http.c b/src/http.c
index 834f59d..69d87cd 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1272,12 +1272,12 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
 {
   /* Process the STS header. Keys should be matched case-insensitively. */
   for (; extract_param (header, name, value, ';', is_url_encoded); is_url_encoded = false)
-  {
-	if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, max-age))
-	  c_max_age = strdupdelim (value.b, value.e);
-	else if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, includeSubDomains))
-	  is = true;
-  }
+{
+  if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, max-age))
+c_max_age = strdupdelim (value.b, value.e);
+  else if (BOUNDED_EQUAL_NO_CASE (name.b, name.e, includeSubDomains))
+is = true;
+}
 
   /* pass the parsed values over */
   if (c_max_age)
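Review bot: a leak remains in the loop when the header repeats the max-age directive: each match runs c_max_age = strdupdelim (value.b, value.e) and overwrites the previous pointer without releasing it, so only the last copy is ever freed later. Free the old value before reassigning, or ignore a second max-age once c_max_age is set. The rest of this hunk is re-indentation only, which would be easier to review as a separate commit from the leak fix.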
@@ -1291,10 +1291,11 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
 	  if (include_subdomains)
 	*include_subdomains = is;
 
-	  DEBUGP((Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n,
+	  DEBUGP ((Parsed Strict-Transport-Security max-age = %s, includeSubDomains = %s\n,
 		 c_max_age, (is ? true : false)));
 
-	  success = true;
+  xfree (c_max_age);
+  success = true;
 	}
   else
 	{
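Review bot: split the leak fix from the style cleanup: the added xfree (c_max_age); is the only behavioural change in this hunk, and it shares the commit with the DEBUGP spacing change and the loop re-indentation, which makes the fix harder to review or backport on its own. Its placement after the DEBUGP call is right, since that call still reads c_max_age. The two added lines are indented with spaces while the neighbouring context lines use tabs, so check that the final indentation matches the rest of the block.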
-- 
1.9.1