summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* fixup two comparisons to please MSVC's '==' : signed/unsigned mismatchbagder/urldata-bitfieldsDaniel Stenberg2019-02-252-2/+2
|
* urldata: convert bools to bitfields and move to endDaniel Stenberg2019-02-253-260/+234
| | | | | | | | | | This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. Removed an unused struct field. No functionality changes.
* acinclude: add additional libraries to check for LDAP supportMichael Felt2019-02-251-1/+3
| | | | | | | | - Add an additional check for LDAP that also checks for OpenSSL since on AIX those libraries may be required to link LDAP properly. Fixes https://github.com/curl/curl/issues/3595 Closes https://github.com/curl/curl/pull/3596
* schannel: support CALG_ECDH_EPHEM algorithmgeorgeok2019-02-252-0/+4
| | | | | | | | Add support for Ephemeral elliptic curve Diffie-Hellman key exchange algorithm option when selecting ciphers. This became available on the Win10 SDK. Closes https://github.com/curl/curl/pull/3608
* multi: call multi_done on connect timeoutsDaniel Stenberg2019-02-241-1/+2
| | | | | | | | | | Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get updated correctly and could end up getting reported to the application completely wrong (way too small). Reported-by: accountantM on github Fixes #3602 Closes #3605
* examples: remove recursive calls to curl_multi_socket_actionDaniel Stenberg2019-02-234-35/+22
| | | | | | | | | | From within the timer callbacks. Recursive is problematic for several reasons. They should still work, but this way the examples and the documentation becomes simpler. I don't think we need to encourage recursive calls. Discussed in #3537 Closes #3601
* configure: remove CURL_CHECK_FUNC_FDOPEN callMarcel Raad2019-02-231-1/+0
| | | | | | | The macro itself has been removed in commit 11974ac859c5d82def59e837e0db56fef7f6794e. Closes https://github.com/curl/curl/pull/3604
* wolfssl: stop custom-adding curvesDaniel Stenberg2019-02-232-21/+1
| | | | | | | | | since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in wolfSSL 3.10.2 and later) it sends these curves by default already. Pointed-out-by: David Garske Closes #3599
* configure: remove the unused fdopen macroDaniel Stenberg2019-02-223-95/+2
| | | | | | and the two remaining #ifdefs for it Closes #3600
* url: change conn shutdown order to unlink data as last stepJay Satiro2019-02-221-15/+24
| | | | | | | | | | | | | | | | | | | - Split off connection shutdown procedure from Curl_disconnect into new function conn_shutdown. - Change the shutdown procedure to close the sockets before disassociating the transfer. Prior to this change the sockets were closed after disassociating the transfer so SOCKETFUNCTION wasn't called since the transfer was already disassociated. That likely came about from recent work started in Jan 2019 (#3442) to separate transfers from connections. Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html Reported-by: Pavel Löbl Closes https://github.com/curl/curl/issues/3597 Closes https://github.com/curl/curl/pull/3598
* Fix strict-prototypes GCC warningMarcel Raad2019-02-221-1/+1
| | | | | As seen in the MinGW autobuilds. Caused by commit f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.
* tests: Fixed XML validation errors in some test files.Dan Fandrich2019-02-2115-11/+13
|
* TODO: Allow SAN names in HTTP/2 server pushDaniel Stenberg2019-02-201-0/+10
| | | | Suggested-by: Nicolas Grekas
* RELEASE-NOTES: syncedDaniel Stenberg2019-02-201-7/+34
|
* curl: remove MANUAL from -M outputDaniel Stenberg2019-02-205-36/+10
| | | | | | | | | | | | | | | ... and remove it from the dist tarball. It has served its time, it barely gets updated anymore and "everything curl" is now convering all this document once tried to include, and does it more and better. In the compressed scenario, this removes ~15K data from the binary, which is 25% of the -M output. It remains in the git repo for now for as long as the web site builds a page using that as source. It renders poorly on the site (especially for mobile users) so its not even good there. Closes #3587
* http2: verify :athority in push promise requestsDaniel Stenberg2019-02-201-0/+22
| | | | | | | | | | | RFC 7540 says we should verify that the push is for an "authoritative" server. We make sure of this by only allowing push with an :athority header that matches the host that was asked for in the URL. Fixes #3577 Reported-by: Nicolas Grekas Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html Closes #3581
* singlesocket: fix the 'sincebefore' placementDaniel Stenberg2019-02-201-2/+2
| | | | | | | | | | | | The variable wasn't properly reset within the loop and thus could remain set for sockets that hadn't been set before and miss notifying the app. This is a follow-up to 4c35574 (shipped in curl 7.64.0) Reported-by: buzo-ffm on github Detected-by: Jan Alexander Steffens Fixes #3585 Closes #3589
* connection: never reuse CONNECT_ONLY conectionsDaniel Stenberg2019-02-195-67/+55
| | | | | | | | and make CONNECT_ONLY conections never reuse any existing ones either. Reported-by: Pavel Löbl Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html Closes #3586
* cli tool: fix mime post with --disable-libcurl-option configure optionPatrick Monnerat2019-02-198-127/+181
| | | | | | Reported-by: Marcel Raad Fixes #3576 Closes #3583
* x509asn1: cleanup and unify code layoutDaniel Stenberg2019-02-191-117/+132
| | | | | | | | | | | | | - rename 'n' to buflen in functions, and use size_t for them. Don't pass in negative buffer lengths. - move most function comments to above the function starts like we use to - remove several unnecessary typecasts (especially of NULL) Reviewed-by: Patrick Monnerat Closes #3582
* curl_multi_remove_handle.3: use at any time, just not from within callbacksDaniel Stenberg2019-02-191-1/+4
| | | | [ci skip]
* http: make adding a blank header thread-safeDaniel Stenberg2019-02-191-13/+21
| | | | | | | | | | | | Previously the function would edit the provided header in-place when a semicolon is used to signify an empty header. This made it impossible to use the same set of custom headers in multiple threads simultaneously. This approach now makes a local copy when it needs to edit the string. Reported-by: d912e3 on github Fixes #3578 Closes #3579
* unit1651: survive curl_easy_init() failsDaniel Stenberg2019-02-191-1/+3
|
* rand: Fix a mismatch between comments in source and header.Frank Gevaerts2019-02-181-2/+5
| | | | | Reported-by: Björn Stenberg <bjorn@haxx.se> Closes #3584
* x509asn1: replace single char with an arrayPatrick Monnerat2019-02-181-2/+2
| | | | | | | Although safe in this context, using a single char as an array may cause invalid accesses to adjacent memory locations. Detected by Coverity.
* examples/http2-serverpush: add some sensible error checksDaniel Stenberg2019-02-181-4/+15
| | | | | | To avoid NULL pointer dereferences etc in the case of problems. Closes #3580
* easy: fix win32 init to work without CURL_GLOBAL_WIN32Jay Satiro2019-02-181-49/+60
| | | | | | | | | | | | | | | | | | | | | | | - Change the behavior of win32_init so that the required initialization procedures are not affected by CURL_GLOBAL_WIN32 flag. libcurl via curl_global_init supports initializing for win32 with an optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop Winsock initialization. It did so internally by skipping win32_init() when that flag was set. Since then win32_init() has been expanded to include required initialization routines that are separate from Winsock and therefore must be called in all cases. This commit fixes it so that CURL_GLOBAL_WIN32 only controls the optional win32 initialization (which is Winsock initialization, according to our doc). The only users affected by this change are those that don't pass CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the risk of a potential crash. Ref: https://github.com/curl/curl/pull/3573 Fixes https://github.com/curl/curl/issues/3313 Closes https://github.com/curl/curl/pull/3575
* cookie: Add support for cookie prefixesDaniel Gustafsson2019-02-175-13/+76
| | | | | | | | | | | The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* mbedtls: release sessionid resources on errorDaniel Gustafsson2019-02-161-0/+3
| | | | | | | | | | | If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this errorpath as well as on Curl_ssl_addsessionid() errors. Closes: #3574 Reported-by: Michał Antoniak <M.Antoniak@posnet.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cli tool: refactor encoding conversion sequence for switch case fallthrough.Patrick Monnerat2019-02-161-7/+5
|
* version.c: silent scan-build even when librtmp is not enabledPatrick Monnerat2019-02-161-1/+5
|
* RELEASE-NOTES: syncedDaniel Stenberg2019-02-151-2/+48
|
* Curl_now: figure out windows version in win32_initDaniel Stenberg2019-02-152-16/+24
| | | | | | | | | | ... and avoid use of static variables that aren't thread safe. Fixes regression from e9ababd4f5a (present in the 7.64.0 release) Reported-by: Paul Groke Fixes #3572 Closes #3573
* unit1307: just fail without FTP supportMarcel Raad2019-02-151-9/+22
| | | | | | | | I missed to check this in with commit 71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test. This fixes the actual linker error. Closes https://github.com/curl/curl/pull/3568
* travis: enable valgrind for the iconv tests tooDaniel Stenberg2019-02-151-1/+1
| | | | Closes #3571
* travis: add scan-buildDaniel Stenberg2019-02-141-0/+9
| | | | Closes #3564
* examples/sftpuploadresume: Value stored to 'result' is never readDaniel Stenberg2019-02-141-1/+3
| | | | Detected by scan-build
* examples/http2-upload: cleaned upDaniel Stenberg2019-02-141-44/+32
| | | | | Fix scan-build warnings, no globals, no silly handle scan. Also remove handles from the multi before cleaning up.
* examples/http2-download: cleaned upDaniel Stenberg2019-02-141-39/+34
| | | | To avoid scan-build warnings and global variables.
* examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'Daniel Stenberg2019-02-141-4/+2
| | | | Detected by scan-build
* examples/httpcustomheader: Value stored to 'res' is never readDaniel Stenberg2019-02-141-2/+2
| | | | Detected by scan-build
* examples: remove superfluous null-pointer checksDaniel Stenberg2019-02-143-6/+6
| | | | | | | in ftpget, ftpsget and sftpget, so that scan-build stops warning for potential NULL pointer dereference below! Detected by scan-build
* strip_trailing_dot: make sure NULL is never used for strlenDaniel Stenberg2019-02-141-0/+2
| | | | | scan-build warning: Null pointer passed as an argument to a 'nonnull' parameter
* connection_check: restore original conn->data after the checkJay Satiro2019-02-141-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Save the original conn->data before it's changed to the specified data transfer for the connection check and then restore it afterwards. This is a follow-up to 38d8e1b 2019-02-11. History: It was discovered a month ago that before checking whether to extract a dead connection that that connection should be associated with a "live" transfer for the check (ie original conn->data ignored and set to the passed in data). A fix was landed in 54b201b which did that and also cleared conn->data after the check. The original conn->data was not restored, so presumably it was thought that a valid conn->data was no longer needed. Several days later it was discovered that a valid conn->data was needed after the check and follow-up fix was landed in bbae24c which partially reverted the original fix and attempted to limit the scope of when conn->data was changed to only when pruning dead connections. In that case conn->data was not cleared and the original conn->data not restored. A month later it was discovered that the original fix was somewhat correct; a "live" transfer is needed for the check in all cases because original conn->data could be null which could cause a bad deref at arbitrary points in the check. A fix was landed in 38d8e1b which expanded the scope to all cases. conn->data was not cleared and the original conn->data not restored. A day later it was discovered that not restoring the original conn->data may lead to busy loops in applications that use the event interface, and given this observation it's a pretty safe assumption that there is some code path that still needs the original conn->data. This commit is the follow-up fix for that, it restores the original conn->data after the connection check. Assisted-by: tholin@users.noreply.github.com Reported-by: tholin@users.noreply.github.com Fixes https://github.com/curl/curl/issues/3542 Closes #3559
* memdebug: bring back curl_mark_scloseDaniel Stenberg2019-02-141-2/+2
| | | | | | Used by debug builds with NSS. Reverted from 05b100aee247bb
* transfer.c: do not compute length of undefined hex buffer.Patrick Monnerat2019-02-141-8/+10
| | | | | | | | | On non-ascii platforms, the chunked hex header was measured for char code conversion length, even for chunked trailers that do not have an hex header. In addition, the efective length is already known: use it. Since the hex length can be zero, only convert if needed. Reported by valgrind.
* KNOWN_BUGS: Cannot compile against a static build of OpenLDAPDaniel Stenberg2019-02-141-0/+5
| | | | Closes #2367
* x509asn1: "Dereference of null pointer"Patrick Monnerat2019-02-141-5/+6
| | | | Detected by scan-build (false positive).
* configure: show features as well in the final summaryDaniel Stenberg2019-02-141-0/+1
| | | | Closes #3569
* KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10Daniel Stenberg2019-02-141-0/+5
| | | | Closes #2905
View Lorry Controller Status