delta/curl.git/lib/http2.c, branch bagder/timerfunction-not-recursive github.com: bagder/curl.git http2: verify :athority in push promise requests 2019-02-20T07:18:02+00:00 Daniel Stenberg daniel@haxx.se 2019-02-18T08:10:01+00:00 aa5a28bd697d652f78ba471022092e148d0b6e4f RFC 7540 says we should verify that the push is for an "authoritative" server. We make sure of this by only allowing push with an :athority header that matches the host that was asked for in the URL. Fixes #3577 Reported-by: Nicolas Grekas Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html Closes #3581 
RFC 7540 says we should verify that the push is for an "authoritative"
server. We make sure of this by only allowing push with an :athority
header that matches the host that was asked for in the URL.

Fixes #3577
Reported-by: Nicolas Grekas
Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
Closes #3581
http2: multi_connchanged() moved from multi.c, only used for h2 2019-02-12T13:40:37+00:00 Daniel Stenberg daniel@haxx.se 2019-02-11T16:25:48+00:00 61496154ce8a6a24213cf3e8d4efcf2378dd4fc0 Closes #3557 
Closes #3557
cleanup: make local functions static 2019-02-10T17:38:57+00:00 Daniel Stenberg daniel@haxx.se 2019-02-08T08:33:42+00:00 05b100aee247bb9bec8e9a1b0166496aa4248d1c urlapi: turn three local-only functions into statics conncache: make conncache_find_first_connection static multi: make detach_connnection static connect: make getaddressinfo static curl_ntlm_core: make hmac_md5 static http2: make two functions static http: make http_setup_conn static connect: make tcpnodelay static tests: make UNITTEST a thing to mark functions with, so they can be static for normal builds and non-static for unit test builds ... and mark Curl_shuffle_addr accordingly. url: make up_free static setopt: make vsetopt static curl_endian: make write32_le static rtsp: make rtsp_connisdead static warnless: remove unused functions memdebug: remove one unused function, made another static 
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
urldata: rename easy_conn to just conn 2019-01-11T14:35:13+00:00 Daniel Stenberg daniel@haxx.se 2019-01-02T17:04:58+00:00 ba243235ec04af62aee2cfc31bf0f05488e59fe7 We use "conn" everywhere to be a pointer to the connection. Introduces two functions that "attaches" and "detaches" the connection to and from the transfer. Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues). Closes #3442 
We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442
http2: clear pause stream id if it gets closed 2018-12-20T16:10:12+00:00 Daniel Stenberg daniel@haxx.se 2018-12-20T09:36:52+00:00 6dc1780ea54129b3e6721fe9ee3f9d4f1d7abc1b Reported-by: Florian Pritz Fixes #3392 Closes #3399 
Reported-by: Florian Pritz

Fixes #3392
Closes #3399
Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 2018-12-08T09:59:23+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2018-12-07T16:04:39+00:00 d997aa0e963c5be5de100dccdc5208d39bd3d62b This is a companion patch to cbea2fd2c (NTLM: force the connection to HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 preemptively. However, with other (Negotiate) authentication it is not clear to this developer whether there is a way to make it work with HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the error HTTP_1_1_REQUIRED. Note: we will still keep the NTLM workaround, as it avoids an extra round trip. Daniel Stenberg helped a lot with this patch, in particular by suggesting to introduce the Curl_h2_http_1_1_error() function. Closes #3349 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> 
This is a companion patch to cbea2fd2c (NTLM: force the connection to
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
preemptively. However, with other (Negotiate) authentication it is not
clear to this developer whether there is a way to make it work with
HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
error HTTP_1_1_REQUIRED.

Note: we will still keep the NTLM workaround, as it avoids an extra
round trip.

Daniel Stenberg helped a lot with this patch, in particular by
suggesting to introduce the Curl_h2_http_1_1_error() function.

Closes #3349

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
snprintf: renamed and we now only use msnprintf() 2018-11-23T07:26:51+00:00 Daniel Stenberg daniel@haxx.se 2018-11-22T08:01:24+00:00 dcd6f810255785d52b89150e18460fb0899d4f7e The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297 
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
travis: add build for "configure --disable-verbose" 2018-10-18T12:51:49+00:00 Daniel Stenberg daniel@haxx.se 2018-10-16T21:35:44+00:00 ad547fcf7b3c0191f63396b94c797bfbb4147f62 Closes #3144 
Closes #3144
memory: ensure to check allocation results 2018-10-03T21:45:38+00:00 Daniel Gustafsson daniel@yesql.se 2018-10-02T22:56:29+00:00 2873971d6251b7c1eb278df1ee2b944d7c3fcdba The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se> 
The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Curl_http2_done: fix memleak in error path 2018-09-25T15:03:45+00:00 Daniel Stenberg daniel@haxx.se 2018-09-25T09:48:43+00:00 304bb2f7c1b463373aa31c1530144c67f6afddb2 Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for early failures. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 Closes #3046 
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046