delta/curl.git/lib/transfer.c, branch bagder/test493-https github.com: bagder/curl.git transfer: clear 'referer' in declaration 2021-03-29T07:45:53+00:00 Daniel Stenberg daniel@haxx.se 2021-03-29T07:32:14+00:00 6bb028dbda6cbfe83f66de773544f71e4813160f To silence (false positive) compiler warnings about it. Follow-up to 7214288898f5625 Reviewed-by: Marcel Raad Closes #6810 
To silence (false positive) compiler warnings about it.

Follow-up to 7214288898f5625

Reviewed-by: Marcel Raad
Closes #6810
transfer: strip credentials from the auto-referer header field 2021-03-28T21:19:55+00:00 Viktor Szakats commit@vsz.me 2021-02-23T13:54:46+00:00 7214288898f5625a6cc196e22a74232eada7861c Added test 2081 to verify. CVE-2021-22876 Bug: https://curl.se/docs/CVE-2021-22876.html 
Added test 2081 to verify.

CVE-2021-22876

Bug: https://curl.se/docs/CVE-2021-22876.html
urldata: merge "struct DynamicStatic" into "struct UrlState" 2021-03-26T22:19:20+00:00 Daniel Stenberg daniel@haxx.se 2021-03-26T13:25:45+00:00 95cbcec8f986492766c4be3922af1e7644e1e7c5 Both were used for the same purposes and there was no logical separation between them. Combined, this also saves 16 bytes in less holes in my test build. Closes #6798 
Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.

Closes #6798
http: use credentials from transfer, not connection 2021-02-13T21:36:15+00:00 Daniel Stenberg daniel@haxx.se 2021-02-12T09:27:42+00:00 46620b97431e19c53ce82e55055c85830f088cf4 HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545 
HTTP auth "accidentally" worked before this cleanup since the code would
always overwrite the connection credentials with the credentials from
the most recent transfer and since HTTP auth is typically done first
thing, this has not been an issue. It was still wrong and subject to
possible race conditions or future breakage if the sequence of functions
would change.

The data.set.str[] strings MUST remain unmodified exactly as set by the
user, and the credentials to use internally are instead set/updated in
state.aptr.*

Added test 675 to verify different credentials used in two requests done
over a reused HTTP connection, which previously behaved wrongly.

Fixes #6542
Closes #6545
urldata: don't touch data->set.httpversion at run-time 2021-02-12T07:13:37+00:00 Daniel Stenberg daniel@haxx.se 2021-02-11T15:30:32+00:00 88dd1a8a115b1f5ece26fd8941b4464973b7d913 Rename it to 'httpwant' and make a cloned field in the state struct as well for run-time updates. Also: refuse non-supported HTTP versions. Verified with test 129. Closes #6585 
Rename it to 'httpwant' and make a cloned field in the state struct as
well for run-time updates.

Also: refuse non-supported HTTP versions. Verified with test 129.

Closes #6585
ftp: add 'list_only' to the transfer state struct 2021-02-09T13:06:28+00:00 Daniel Stenberg daniel@haxx.se 2021-02-08T15:40:34+00:00 528f71c2ecdbb03117af226978804148d69a1007 and rename it from 'ftp_list_only' since it is also used for SSH and POP3. The state is updated internally for 'type=D' FTP URLs. Added test case 1570 to verify. Closes #6578 
and rename it from 'ftp_list_only' since it is also used for SSH and
POP3. The state is updated internally for 'type=D' FTP URLs.

Added test case 1570 to verify.

Closes #6578
ftp: add 'prefer_ascii' to the transfer state struct 2021-02-09T13:06:28+00:00 Daniel Stenberg daniel@haxx.se 2021-02-08T14:56:10+00:00 115c9e27f53809a254fba44b023bea92f4d4dcd0 ... and make sure the code never updates 'set.prefer_ascii' as it breaks handle reuse which should use the setting as the user specified it. Added test 1569 to verify: it first makes an FTP transfer with ';type=A' and then another without type on the same handle and the second should then use binary. Previously, curl failed this. Closes #6578 
... and make sure the code never updates 'set.prefer_ascii' as it breaks
handle reuse which should use the setting as the user specified it.

Added test 1569 to verify: it first makes an FTP transfer with ';type=A'
and then another without type on the same handle and the second should
then use binary. Previously, curl failed this.

Closes #6578
urldata: move 'followlocation' to UrlState 2021-02-09T07:22:45+00:00 Daniel Stenberg daniel@haxx.se 2021-02-08T22:00:21+00:00 f1e5e498796d3f71e3c22e9406796e9ab6c82d1f As this is a state variable it does not belong in UserDefined which is used to store values set by the user. Closes #6582 
As this is a state variable it does not belong in UserDefined which is
used to store values set by the user.

Closes #6582
transfer: fix GCC 10 warning with flag '-Wint-in-bool-context' 2021-01-29T13:47:28+00:00 Michał Antoniak m.antoniak@posnet.com.pl 2021-01-29T08:20:17+00:00 1c1158a9dd2d2f89ba32f5c95461dd63a18e86ad ... and return the error code from the Curl_mime_rewind call. Closes #6537 
... and return the error code from the Curl_mime_rewind call.

Closes #6537
avoid warning: enum constant in boolean context 2021-01-29T13:47:26+00:00 Michał Antoniak m.antoniak@posnet.com.pl 2021-01-27T13:40:24+00:00 0cf5670c54bc6f94cea714d71bacab234ea23c51