summaryrefslogtreecommitdiff
path: root/lib/http.c
Commit message (Collapse)AuthorAgeFilesLines
* checksrc: detect more kinds of NULL comparisons we avoidDaniel Stenberg2021-12-271-2/+2
| | | | | Co-authored-by: Jay Satiro Closes #8180
* http: Fix CURLOPT_HTTP200ALIASESVladimir Panteleev2021-12-211-1/+1
| | | | | | | The httpcode < 100 check was also triggered when none of the fields were parsed, thus making the if(!nc) block unreachable. Closes #8171
* http: enable haproxy support for hyper backendDaniel Stenberg2021-11-191-4/+3
| | | | | | | | | | | | | | This is done by having native code do the haproxy header output before hyper issues its request. The little downside with this approach is that we need the entire Curl_buffer_send() function built, which is otherwise not used for hyper builds. If hyper ends up getting native support for the haproxy protocols we can backpedal on this. Enables test 1455 and 1456 Closes #8034
* http: reject HTTP response codes < 100Daniel Stenberg2021-10-271-2/+6
| | | | | | | | | | ... which then also includes negative ones as test 1430 uses. This makes native + hyper backend act identically on this and therefore test 1430 can now be enabled when building with hyper. Adjust test 1431 as well. Closes #7909
* http: set content length earlierJay Satiro2021-10-151-39/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Make content length (ie download size) accessible to the user in the header callback, but only after all headers have been processed (ie only in the final call to the header callback). Background: For a long time the content length could be retrieved in the header callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed by curl. Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length if any transfer encoding is used. A side effect of that was that content length was not set by libcurl until after the header callback was called the final time, because until all headers are processed it cannot be determined if content length is valid. This change keeps the same intention --all headers must be processed-- but now the content length is available before the final call to the header function that indicates all headers have been processed (ie a blank header). Bug: https://github.com/curl/curl/commit/8a16e54#r57374914 Reported-by: sergio-nsk@users.noreply.github.com Co-authored-by: Daniel Stenberg Fixes https://github.com/curl/curl/issues/7804 Closes https://github.com/curl/curl/pull/7803
* http: remove assert that breaks hyperDaniel Stenberg2021-10-141-1/+1
| | | | | | Reported-by: Jay Satiro Fixes #7852 Closes #7855
* http: fix Basic auth with empty name field in URLDaniel Stenberg2021-10-061-1/+1
| | | | | | | | Add test 367 to verify. Reported-by: Rick Lane Fixes #7819 Closes #7820
* http: fix the broken >3 digit response code detectionDaniel Stenberg2021-09-171-5/+5
| | | | | | | | | | | | | When the "reason phrase" in the HTTP status line starts with a digit, that was treated as the forth response code digit and curl would claim the response to be non-compliant. Added test 1466 to verify this case. Regression brought by 5dc594e44f73b17 Reported-by: Glenn de boer Fixes #7738 Closes #7739
* http: ignore content-length if any transfer-encoding is usedDaniel Stenberg2021-08-311-9/+20
| | | | | Fixes #7643 Closes #7649
* http: disallow >3-digit response codesDaniel Stenberg2021-08-261-3/+13
| | | | | | | | | | Make the built-in HTTP parser behave similar to hyper and reject any HTTP response using more than 3 digits for the response code. Updated test 1432 accordingly. Enabled test 1432 in the hyper builds. Closes #7641
* c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connectionDaniel Stenberg2021-08-231-5/+5
| | | | | | Enable test 1074 Closes #7617
* http: consider cookies over localhost to be secureDaniel Stenberg2021-08-101-17/+22
| | | | | | | | | Updated test31. Added test 392 to verify secure cookies used for http://localhost Reviewed-by: Daniel Gustafsson Fixes #6733 Closes #7263
* lib: fix compiler warnings with CURL_DISABLE_NETRCMAntoniak2021-07-181-0/+2
| | | | | | | | | | warning C4189: 'netrc_user_changed': local variable is initialized but not referenced warning C4189: 'netrc_passwd_changed': local variable is initialized but not referenced Closes #7423
* infof: remove newline from format strings, always append itDaniel Stenberg2021-07-071-36/+36
| | | | | | | | | | | | | | | | - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
* c-hyper: add support for transfer-encoding in the requestDaniel Stenberg2021-07-051-27/+36
| | | | Closes #7348
* http: fix crash in rate-limited uploadJay Satiro2021-06-291-0/+1
| | | | | | | | | | | | | | | | | | | | | - Don't set the size of the piece of data to send to the rate limit if that limit is larger than the buffer size that will hold the piece. Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE (curl tool: --limit-rate) was set then it was possible that a temporary buffer used for uploading could be written to out of bounds. A likely scenario for this would be a non-trivial amount of post data combined with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k). The bug was introduced in 24e469f which is in releases since 7.76.0. perl -e "print '0' x 200000" > tmp curl --limit-rate 128k -d @tmp httpbin.org/post Reported-by: Richard Marion Fixes https://github.com/curl/curl/issues/7308 Closes https://github.com/curl/curl/pull/7315
* http: make the haproxy support work with unix domain socketsDaniel Stenberg2021-06-241-24/+21
| | | | | | | | | ... it should then pass on "PROXY UNKNOWN" since it doesn't know the involved IP addresses. Reported-by: Valentín Gutiérrez Fixes #7290 Closes #7291
* vtls: only store TIMER_APPCONNECT for non-proxy connectDaniel Stenberg2021-06-191-1/+1
| | | | | | | | | Introducing a 'isproxy' argument to the connect function so that it knows wether to store the time stamp or not. Reported-by: Yongkang Huang Fixes #7274 Closes #7274
* conn: add 'attach' to protocol handler, make libssh2 use itDaniel Stenberg2021-05-171-0/+2
| | | | | | | | | | | The libssh2 backend has SSH session associated with the connection but the callback context is the easy handle, so when a connection gets attached to a transfer, the protocol handler now allows for a custom function to get used to set things up correctly. Reported-by: Michael O'Farrell Fixes #6898 Closes #7078
* http: use calculated offsets inst of integer literals for header parsingPeng-Yu Chen2021-05-081-9/+16
| | | | | | | | | | Assumed to be a minor coding style improvement with no behavior change. A modern compiler is expected to have the calculation optimized during compilation. It may be deemed okay even if that's not the case, since the added overhead is considered very low. Closes #7032
* http: limit the initial send amount to used upload buffer sizeDaniel Stenberg2021-05-071-8/+8
| | | | | | | | | | | | | | | Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes, but for the situations where a larger upload buffer has been set, this function can benefit from sending more bytes. With default size used, this does the same as before. Also changed the storage of the size to an 'unsigned int' as it is not allowed to be set larger than 2M. Also added cautions to the man pages about changing buffer sizes in run-time. Closes #7022
* http: reset the header buffer when sending the requestDaniel Stenberg2021-05-061-0/+4
| | | | | | | | | A reused transfer handle could otherwise reuse the previous leftover buffer and havoc would ensue. Reported-by: sergio-nsk on github Fixes #7018 Closes #7021
* Curl_http_header: check for colon when matching Persistent-AuthHarry Sintonen2021-05-031-1/+1
| | | | Closes #6993
* Curl_http_input_auth: require valid separator after negotiation typeHarry Sintonen2021-05-031-5/+12
| | | | Closes #6993
* http: fix the check for 'Authorization' with BearerDaniel Stenberg2021-05-021-1/+1
| | | | | | | The code would wrongly check for it using an additional colon. Reported-by: Blake Burkhart Closes #6988
* hsts: enable by defaultDaniel Stenberg2021-04-191-1/+1
| | | | | | No longer considered experimental. Closes #6700
* send_speed: simplify the checks for if a speed limit is setDaniel Stenberg2021-03-271-1/+1
| | | | | ... as we know the value cannot be set to negative: enforced by setopt()
* http: cap body data amount during send speed limitingDaniel Stenberg2021-03-271-10/+39
| | | | | | | | | By making sure never to send off more than the allowed number of bytes per second the speed limit logic is given more room to actually work. Reported-by: Fabian Keil Bug: https://curl.se/mail/lib-2021-03/0042.html Closes #6797
* urldata: merge "struct DynamicStatic" into "struct UrlState"Daniel Stenberg2021-03-261-7/+7
| | | | | | | | Both were used for the same purposes and there was no logical separation between them. Combined, this also saves 16 bytes in less holes in my test build. Closes #6798
* http: strip default port from URL sent to proxyDaniel Stenberg2021-03-231-1/+1
| | | | | | | | | | To make sure the Host: header and the URL provide the same authority portion when sent to the proxy, strip the default port number from the URL if one was provided. Reported-by: Michael Brown Fixes #6769 Closes #6778
* http: make 416 not fail with resume + CURLOPT_FAILONERRRORDaniel Stenberg2021-03-171-0/+8
| | | | | | | | | | | | | When asked to resume a download, libcurl will convert that to HTTP logic and if then the entire file is already transferred it will result in a 416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that scenario, it should *not* lead to an error return. Updated test 1156, added test 1273 Reported-by: Jonathan Watt Fixes #6740 Closes #6753
* http: remove superfluous NULL assignDaniel Stenberg2021-03-111-3/+1
| | | | Closes #6727
* http2: remove conn->data useDaniel Stenberg2021-02-151-1/+1
| | | | | | | | | | | | ... but instead use a private alternative that points to the "driving transfer" from the connection. We set the "user data" associated with the connection to be the connectdata struct, but when we drive transfers the code still needs to know the pointer to the transfer. We can change the user data to become the Curl_easy handle, but with older nghttp2 version we cannot dynamically update that pointer properly when different transfers are used over the same connection. Closes #6520
* http: use credentials from transfer, not connectionDaniel Stenberg2021-02-131-9/+12
| | | | | | | | | | | | | | | | | | | HTTP auth "accidentally" worked before this cleanup since the code would always overwrite the connection credentials with the credentials from the most recent transfer and since HTTP auth is typically done first thing, this has not been an issue. It was still wrong and subject to possible race conditions or future breakage if the sequence of functions would change. The data.set.str[] strings MUST remain unmodified exactly as set by the user, and the credentials to use internally are instead set/updated in state.aptr.* Added test 675 to verify different credentials used in two requests done over a reused HTTP connection, which previously behaved wrongly. Fixes #6542 Closes #6545
* urldata: don't touch data->set.httpversion at run-timeDaniel Stenberg2021-02-121-10/+27
| | | | | | | | | Rename it to 'httpwant' and make a cloned field in the state struct as well for run-time updates. Also: refuse non-supported HTTP versions. Verified with test 129. Closes #6585
* ftp: add 'prefer_ascii' to the transfer state structDaniel Stenberg2021-02-091-2/+2
| | | | | | | | | | | ... and make sure the code never updates 'set.prefer_ascii' as it breaks handle reuse which should use the setting as the user specified it. Added test 1569 to verify: it first makes an FTP transfer with ';type=A' and then another without type on the same handle and the second should then use binary. Previously, curl failed this. Closes #6578
* vtls: initial implementation of rustls backendJacob Hoffman-Andrews2021-02-091-1/+1
| | | | | | | | | | | | | | | | | This adds a new TLS backend, rustls. It uses the C-to-rustls bindings from https://github.com/abetterinternet/crustls. Rustls is at https://github.com/ctz/rustls/. There is still a fair bit to be done, like sending CloseNotify on connection shutdown, respecting CAPATH, and properly indicating features like "supports TLS 1.3 ciphersuites." But it works well enough to make requests and receive responses. Blog post for context: https://www.abetterinternet.org/post/memory-safe-curl/ Closes #6350
* lib: use int type for more port variablesJay Satiro2021-02-091-1/+1
| | | | | | | This is a follow-up to 764c6bd. Prior to that change port variables were usually type long. Closes https://github.com/curl/curl/pull/6553
* urldata: remove the 'rtspversion' fieldDaniel Stenberg2021-02-081-2/+2
| | | | | | | from struct connectdata and the corresponding code in http.c that set it. It was never used for anything! Closes #6581
* build: fix --disable-http-authJay Satiro2021-02-041-1/+5
| | | | | | | | Broken since 215db08 (precedes 7.75.0). Reported-by: Benbuck Nason Fixes https://github.com/curl/curl/issues/6567
* build: fix --disable-dateparseJay Satiro2021-02-041-2/+2
| | | | | | | Broken since 215db08 (precedes 7.75.0). Bug: https://curl.se/mail/lib-2021-02/0008.html Reported-by: Firefox OS
* hostip/proxy: remove conn->data useDaniel Stenberg2021-01-261-1/+1
| | | | Closes #6513
* lib: remove conn->data usesPatrick Monnerat2021-01-241-8/+11
| | | | Closes #6499
* http: empty reply connection are not left intactDaniel Stenberg2021-01-211-0/+2
| | | | | | | | | ... so mark the connection as closed in this condition to prevent that verbose message to wrongly appear. Reported-by: Matt Holt Bug: https://twitter.com/mholt6/status/1352130240265375744 Closes #6503
* chunk/encoding: remove conn->data referencesDaniel Stenberg2021-01-211-3/+3
| | | | | | ... by anchoring more functions on Curl_easy instead of connectdata Closes #6498
* http: get CURLOPT_REQUEST_TARGET working with a HTTP proxyFabian Keil2021-01-201-2/+3
| | | | | | Added test 1613 to verify. Closes #6490
* transfer: remove conn->data useDaniel Stenberg2021-01-191-1/+1
| | | | Closes #6486
* http: make providing Proxy-Connection header not cause duplicated headersDaniel Stenberg2021-01-191-0/+1
| | | | | | | | Fixes test 1180 Bug: https://curl.se/mail/lib-2021-01/0095.html Reported-by: Fabian Keil Closes #6472
* lib: more conn->data cleanupsDaniel Stenberg2021-01-191-3/+3
| | | | Closes #6479
* vtls: reduce conn->data usePatrick Monnerat2021-01-191-1/+1
| | | | Closes #6474
View Lorry Controller Status