my recent changes

diff --git a/CHANGES b/CHANGES
index 8bc8ee14210b27078c64fc2020bd16168c8f768c..99cd29ceb64c9e796eada17fcb5706a353a3a210 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,19 @@
 
                                   Changelog
 
+Daniel Stenberg (16 Nov 2008)
+- Added check for NULL returns from strdup() in src/main.c and lib/formdata.c
+  - reported by Jim Meyering also prevent buffer overflow on MSDOS when you do
+  for example -O on a url with a file name part longer than PATH_MAX letters
+
+- lib/nss.c fixes based on the report by Jim Meyering: I went over and added
+  checks for return codes for all calls to malloc and strdup that were
+  missing. I also changed a few malloc(13) to use arrays on the stack and a
+  few malloc(PATH_MAX) to instead use aprintf() to lower memory use.
+
+- I fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
+  in use.
+
 Daniel Fandrich (14 Nov 2008)
 - Added .xml as one of the few common file extensions known by the multipart
   form generator.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 310df78f3eab2fd2929d12e4e41b7153077a34ba..6383f765e647b397d059ddd2ba80b2864f7ea881 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -13,7 +13,9 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
- o 
+ o fixed several calls to memory functions that didn't check return codes
+ o memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was
+   used
 
 This release includes the following known bugs:
 
@@ -26,6 +28,6 @@ Other curl-related news:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- 
+ Yang Tse, Daniel Fandrich, Jim Meyering
 
         Thanks! (and sorry if I forgot to mention someone)